PT-2010-2553 · Tex Users+2 · Tex Live+3
Dan Rosenberg
·
Publicado
2010-05-06
·
Atualizado
2017-09-19
·
CVE-2010-0827
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TeX Live versions 2009 and earlier
teTeX (affected versions not specified)
Description
The issue is related to an integer overflow in dvips, which can be triggered by a crafted virtual font (VF) file associated with a DVI file. This can cause a denial of service, resulting in an application crash, or potentially allow the execution of arbitrary code.
Recommendations
For TeX Live versions 2009 and earlier, consider updating to a newer version to mitigate the risk.
For teTeX, at the moment, there is no information about a newer version that contains a fix for this issue.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Red Hat
Tex Live
Dvips
Tetex