PT-2007-6868 · Tex+1 · Tetex+3

Lubomir Kundrak

Published

2007-11-13

Updated

2018-10-15

CVE-2007-5935

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions teTeX versions prior to 2007 TeXlive versions prior to 2007

Description The issue is related to a stack-based buffer overflow in the hpc.c file of dvips, which can be exploited by user-assisted attackers. This can be achieved through a DVI file containing a long href tag, potentially allowing the execution of arbitrary code.

Recommendations For teTeX versions prior to 2007, update to a version newer than 2007. For TeXlive versions prior to 2007, update to a version newer than 2007.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-5935

DTSA-97-1

RHSA-2010:0399

RHSA-2010:0401

RHSA-2010_0399

Affected Products

Red Hat

Tex Live

Dvips

Tetex

PT-2007-6868 · Tex+1 · Tetex+3

CVE-2007-5935

Weakness Enumeration

Related Identifiers

Affected Products

References · 82