Jakub Wilk reports that pdf2djvu incorrectly creates a temporary file in /tmp and passes the name of the file to c44 (a command-line IW44 encoder). "Unfortunately, it turns out that c44 deletes the output file, and then creates a new one under the same name (without O_EXCL). This opens a race window, during which malicious user could their own file under this name."

Additional information: http://seclists.org/oss-sec/2015/q2/399
Upstream bug: https://bitbucket.org/jwilk/pdf2djvu/issue/103
Upstream patch: https://bitbucket.org/jwilk/pdf2djvu/commits/62c3c48098d6
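The weakness described above is that the output name lives directly in the shared /tmp directory, so a helper that unlinks and recreates the file without O_EXCL leaves a window in which any local user can plant an entry under that name. The standard defence is to hand the helper a path inside a freshly created, mode-0700 directory: only the owner can create entries there, so the helper's unlink-and-recreate sequence can no longer be raced. The following is an added C example written for this entry; it is not code from pdf2djvu, c44, or the upstream patch, and the function names (make_private_tmpdir, dir_is_private, create_output_exclusive, cleanup_tmpdir) and the "pdf2djvu-example" prefix are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a fresh directory with mode 0700 under $TMPDIR (falling back to /tmp,
 * then the current directory). mkdtemp chooses the name and creates the
 * directory in one step, so nobody else can pre-create or race the name.
 * Returns 0 on success and writes the path into dir. (Hypothetical helper.) */
int make_private_tmpdir(char *dir, size_t len) {
    const char *bases[3];
    bases[0] = getenv("TMPDIR");
    bases[1] = "/tmp";
    bases[2] = ".";
    for (int i = 0; i < 3; i++) {
        if (bases[i] == NULL || bases[i][0] == '\0') continue;
        int n = snprintf(dir, len, "%s/pdf2djvu-example.XXXXXX", bases[i]);
        if (n < 0 || (size_t)n >= len) continue;
        if (mkdtemp(dir) != NULL) return 0;
    }
    return -1;
}

/* Check that a directory is safe to hand to a helper that will unlink and
 * recreate files inside it: it must really be a directory (not a symlink),
 * owned by the calling user, and not accessible to group or other.
 * Returns 1 if the directory is private, 0 otherwise. A shared directory
 * such as /tmp (mode 1777, owned by root) fails this check. */
int dir_is_private(const char *dir) {
    struct stat st;
    if (lstat(dir, &st) != 0) return 0;
    if (!S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != geteuid()) return 0;
    if ((st.st_mode & 077) != 0) return 0;
    return 1;
}

/* Create the output file ourselves with O_EXCL and O_NOFOLLOW, so that an
 * entry that already exists under the name (for example a symlink) is refused
 * rather than followed. Returns a descriptor, or -1 with errno set
 * (EEXIST when the name is already taken). */
int create_output_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Remove the output file (if any) and the private directory. Returns 0 on success. */
int cleanup_tmpdir(const char *dir, const char *file) {
    if (file != NULL && unlink(file) != 0 && errno != ENOENT) return -1;
    return rmdir(dir);
}

int main(void) {
    char dir[512], out[1024];
    if (make_private_tmpdir(dir, sizeof dir) != 0) { perror("mkdtemp"); return 1; }
    if (!dir_is_private(dir)) { fprintf(stderr, "%s is not private\n", dir); return 1; }
    snprintf(out, sizeof out, "%s/out.djvu", dir);
    int fd = create_output_exclusive(out);
    if (fd < 0) { perror("open"); return 1; }
    close(fd);
    /* This is the path a c44-style helper would be given: even if it unlinks
     * and recreates the file without O_EXCL, no other user can create an entry
     * in this directory, so there is nothing to race. */
    printf("private output path: %s\n", out);
    return cleanup_tmpdir(dir, out);
}
```

The private directory is what removes the race, not the O_EXCL open on its own: O_EXCL protects only the caller's own creation step, whereas a helper that deletes and recreates the file is safe only because the directory containing it admits no other writers. Running dir_is_private against the directory before passing any path to a helper turns the assumption into a check.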
Created pdf2djvu tracking bugs for this issue:

Affects: fedora-all [bug 1221233]
Affects: epel-7 [bug 1221235]
pdf2djvu-0.7.21-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.