Control: tags -1 + help Am 29.01.2023 um 00:00 teilte Frank Heckenbach mit:
Hi,
Classic /tmp write vulnerability: function dir_writable writes to "/tmp/1" (and if this fails, "/tmp/2" etc.) without sufficient checks. Harmless demonstration: % mkfifo /tmp/1 % epspdf /etc/hostname /dev/null # any non-empty input file will do hangs indefinitely trying to write to the pipe (as can be seen using strace).
I sent an E-Mail to upstream, however I don't expect a fast response. Tagging "help" for know. Hilmar -- sigfault
