|Description||pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: local)|
Vulnerable and fixed packages
The table below lists information on source packages.
|cups (PTS)||wheezy (security), wheezy||1.5.3-5+deb7u6||fixed|
|jessie (security), jessie||1.7.5-11+deb8u1||fixed|
The information below is based on the following data on fixed versions.
[sarge] - cupsys <no-dsa> (Minor issue)
the debian package is a bit confusing here as it also ships a pdftops
wrapper script as an example but the original script is installed