CVE-2013-4472

Description

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

How to fix CVE-2013-4472

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/poppler—no fix listed
• Debian/xpdf—no fix listed

Is CVE-2013-4472 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0
• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-4472