CVE-2009-1144

EPSS 0.09%
Published 09.04.2009 15:08:35
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Foolabs ≫ Xpdf Version0.5a

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.7a

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.91a

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.91b

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.91c

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.92a

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.92b

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.92c

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.92d

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.92e

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.93a

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.93b

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version0.93c

Gentoo ≫ Gentoo Linux

Foolabs ≫ Xpdf Version1.00a

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version <= 3.02

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.2

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.3

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.4

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.5

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.6

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.7

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.80

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.90

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.91

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version0.93

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version1.00

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version1.01

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version2.00

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version2.01

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version2.02

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version2.03

Gentoo ≫ Gentoo Linux

Glyphandcog ≫ Xpdfreader Version3.00

Gentoo ≫ Gentoo Linux

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.23

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://bugs.gentoo.org/show_bug.cgi?id=200023

Vendor Advisory

http://bugs.gentoo.org/show_bug.cgi?id=242930

Vendor Advisory

http://osvdb.org/53529

http://secunia.com/advisories/34610

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200904-07.xml

http://www.securityfocus.com/bid/34401

https://nvd.nist.gov/vuln/detail/CVE-2009-1144

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1144

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1144

EUVD