Insecure Temporary File Deletion in zxpdf

Insecure Temporary File Deletion in zxpdf

CVE-2011-2902 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

Learn more about our Cis Benchmark Audit For Debian Linux.