CVE-2006-4810

Name of the Vulnerable Software and Affected Versions texinfo versions 4.8 and earlier texinfo version 4.7 texinfo version 4.5 texinfo version 4.0b

Description The issue is related to multiple vulnerabilities in the texinfo package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker. A buffer overflow in the readline function in util/texindex.c, used by the texi2dvi and texindex commands, allows local users to execute arbitrary code via a crafted Texinfo file.

Recommendations For texinfo versions 4.8 and earlier, update to a version later than 4.8 to resolve the issue. For texinfo version 4.7, consider disabling the vulnerable readline function in util/texindex.c as a temporary workaround until a patch is available. For texinfo version 4.5, restrict access to the texi2dvi and texindex commands to minimize the risk of exploitation. For texinfo version 4.0b, avoid using the texinfo package until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some versions, so consider the above recommendations as temporary workarounds.