CVE-2009-1144
https://notcve.org/view.php?id=CVE-2009-1144
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. Vulnerabilidad de ruta de búsqueda no confiable en el paquete Gentoo de Xpdf anteriores a v3.02-r2, permite a usuarios locales obtener privilegios a través de un troyano (fichero xpdfrc) en el directorio de trabajo actual, relativo a la macro SYSTEM_XPDFRC no fijada en el proceso de construcción Gentoo, que usa la biblioteca poppler. • http://bugs.gentoo.org/show_bug.cgi?id=200023 http://bugs.gentoo.org/show_bug.cgi?id=242930 http://osvdb.org/53529 http://secunia.com/advisories/34610 http://security.gentoo.org/glsa/glsa-200904-07.xml http://www.securityfocus.com/bid/34401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-0064
https://notcve.org/view.php?id=CVE-2005-0064
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921 http://marc.info/?l=bugtraq&m=110625368019554&w=2 http://secunia.com/advisories/17277 http://www.debian.org/security/2005/dsa-645 http://www.debian.org/security/2005/dsa-648 http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities http://www.mandriva.com/s •