PT-2007-6868 · Tex+1 · Tetex+3
Lubomir Kundrak · Published 2007-11-13 · Updated 2018-10-15 · CVE-2007-5935
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
teTeX versions prior to 2007
TeXlive versions prior to 2007
Description
A stack-based buffer overflow in the hpc.c file of dvips can be exploited by user-assisted attackers through a DVI file containing a long href tag, potentially allowing the execution of arbitrary code.
Recommendations
For teTeX versions prior to 2007, update to a version newer than 2007.
For TeXlive versions prior to 2007, update to a version newer than 2007.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Tex Live
Dvips
Tetex