{"id":"CVE-2014-1838","details":"The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.","aliases":["GHSA-rr52-wg7f-8875","PYSEC-2014-83"],"modified":"2026-02-04T03:05:56.083585Z","published":"2014-03-11T19:37:04Z","related":["MGASA-2014-0118","openSUSE-SU-2024:10400-1","openSUSE-SU-2024:11235-1","openSUSE-SU-2024:14145-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/57209"},{"type":"WEB","url":"http://comments.gmane.org/gmane.comp.security.oss.general/11986"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html"},{"type":"WEB","url":"http://www.logilab.org/ticket/207561"},{"type":"WEB","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051"}],"schema_version":"1.7.3"}