CVE-2013-4472

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2013-4472

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-4472.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2013-4472

Downstream

DEBIAN-CVE-2013-4472

ECHO-7ebf-d455-2fa5

Published

2014-04-22T14:23:34Z

Modified

2026-04-10T03:44:31.081367Z

Summary

[none]

Details

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

References

http://osvdb.org/99064
http://poppler.freedesktop.org/releases.html
http://seclists.org/oss-sec/2013/q4/181
http://seclists.org/oss-sec/2013/q4/183

CVE-2013-4472

Affected packages