Vulnerability Details : CVE-2009-1144
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.
Products affected by CVE-2009-1144
- cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
- cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:* (when used together with: Gentoo » Gentoo Linux)
Exploit prediction scoring system (EPSS) score for CVE-2009-1144
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-1144
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
CWE ids for CVE-2009-1144
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)