Fluid Attacks Database

Description

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	xpdf	>=0 <3.02-19	3.02-19
debian 12	xpdf	>=0 <3.02-19	3.02-19
debian 14	xpdf	>=0 <3.02-19	3.02-19
debian 13	xpdf	>=0 <3.02-19	3.02-19

Aliases

1. CVE-2011-29022. NVD-2011-29023. OSV-DEBIAN-2011-29024. OSV-2011-29025. SECURITY-TRACKER-CVE-2011-2902

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.