Package: poppler-utils
Version: 22.08.0-2.1
Tags: security

pdfdetach(1) is vulnerable to directory traversal. Proof of concept:

   $ pwd
   /home/jwilk/misc
   $ ls /tmp/moo
   ls: cannot access '/tmp/moo': No such file or directory
   $ pdfdetach -saveall traversal.pdf
   $ ls /tmp/moo
   /tmp/moo

OK, maybe I was supposed to use -o to specify the destination directory explicitly... But that doesn't help either:

   $ rm -f /tmp/moo
   $ pdfdetach -o . -saveall traversal.pdf
   $ ls -s /tmp/moo
   /tmp/moo

-- System Information:
Architecture: i386

Versions of packages poppler-utils depends on:
ii  libpoppler123  22.08.0-2.1
ii  libc6          2.36-6
ii  libcairo2      1.16.0-7
ii  libfreetype6   2.12.1+dfsg-3
ii  libgcc-s1      12.2.0-10
ii  liblcms2-2     2.13.1-1+b1
ii  libstdc++6     12.2.0-10

-- 
Jakub Wilk
traversal.pdf
Description: Adobe PDF document
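
An added example, not part of the original report and not poppler's own code: one way a tool that saves embedded files can confine its output to the destination directory, treating the file name stored in the PDF as untrusted. The function names attachment_leaf and open_attachment are hypothetical, and the report does not show the name stored in traversal.pdf, so no particular name is assumed.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <string>

// Reduce an attachment name taken from the PDF (untrusted input) to a single
// file-name component. Returns an empty string when nothing safe remains.
std::string attachment_leaf(const std::string &embedded_name) {
    // Keep only what follows the last separator. '\\' is treated as a
    // separator too, since the name may have been written on another platform.
    std::string::size_type cut = embedded_name.find_last_of("/\\");
    std::string leaf = (cut == std::string::npos) ? embedded_name
                                                  : embedded_name.substr(cut + 1);
    if (leaf.empty() || leaf == "." || leaf == "..")
        return std::string();
    for (unsigned char c : leaf)
        if (c < 0x20 || c == 0x7f)  // NUL and other control bytes
            return std::string();
    return leaf;
}

// Create the attachment inside dest_dir and nowhere else. Returns a file
// descriptor open for writing, or -1 on refusal or error.
int open_attachment(const std::string &dest_dir, const std::string &embedded_name) {
    std::string leaf = attachment_leaf(embedded_name);
    if (leaf.empty())
        return -1;
    int dfd = open(dest_dir.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    // leaf contains no separator and is not "." or "..", so openat() resolves
    // it directly inside dfd. O_EXCL refuses to overwrite an existing entry
    // and O_NOFOLLOW refuses a symlink planted at that name.
    int fd = openat(dfd, leaf.c_str(),
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    close(dfd);
    return fd;
}
```

The caller writes the attachment bytes to the returned descriptor and closes it; a return of -1 means the name was refused or the file could not be created.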