CVE-2008-5299

Description

chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.

How to fix CVE-2008-5299

To remediate CVE-2008-5299, upgrade the affected package to a fixed version below.

• Debian/chm2pdf—upgrade to 0.9.1-1.1 or later

Is CVE-2008-5299 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.9.1-1.1

References (8)

• ADVISORYsecunia.com/advisories/32257
• ADVISORYsecunia.com/advisories/43109
• ADVISORYwww.vupen.com/english/advisories/2011/0236
• WEBbugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
• WEB