{"id":"PYSEC-2014-83","details":"The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-common before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.","aliases":["CVE-2014-1838","GHSA-rr52-wg7f-8875"],"modified":"2023-11-08T03:57:35.186410Z","published":"2014-03-11T19:37:00Z","references":[{"type":"WEB","url":"http://comments.gmane.org/gmane.comp.security.oss.general/11986"},{"type":"WEB","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051"},{"type":"ADVISORY","url":"http://secunia.com/advisories/57209"},{"type":"WEB","url":"http://www.logilab.org/ticket/207561"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-rr52-wg7f-8875"}],"affected":[{"package":{"name":"logilab-common","ecosystem":"PyPI","purl":"pkg:pypi/logilab-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.60.1"}]}],"versions":["0.28.1","0.38.0","0.38.1","0.39.0","0.43.0","0.44.0","0.46.0","0.46.1","0.47.0","0.48.1","0.49.0","0.50.0","0.50.1","0.50.2","0.50.3","0.51.0","0.51.1","0.52.0","0.52.1","0.53.0","0.54.0","0.55.0","0.55.2","0.56.0","0.56.1","0.56.2","0.57.0","0.57.1","0.58.1","0.58.3","0.59.0","0.59.1","0.60.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/logilab-common/PYSEC-2014-83.yaml"}}],"schema_version":"1.7.3"}