CVE-2008-5298

Description

chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.

How to fix CVE-2008-5298

To remediate CVE-2008-5298, upgrade the affected package to a fixed version below.

• Debian/chm2pdf—upgrade to 0.9.1-1.1 or later

Is CVE-2008-5298 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.9.1-1.1

References (9)

• ADVISORYsecunia.com/advisories/32257
• ADVISORYsecunia.com/advisories/43109
• ADVISORYwww.vupen.com/english/advisories/2011/0236
• WEBbugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
• WEB