PT-2010-3127 · Tex Users+2 · Tex Live+2

Jan Lieskovsky · Published 2010-05-06 · Updated 2023-02-13 · CVE-2010-1440

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

TeX Live versions prior to 2010
teTeX (affected versions not specified)

Description

Multiple integer overflows in the dospecial.c file of the dvips component, specifically in the predospecial and bbdospecial functions, can be exploited by remote attackers via a special command in a DVI file, potentially leading to a denial of service (application crash) or possibly the execution of arbitrary code.

Recommendations

For TeX Live versions prior to 2010, update to a version from 2010 or later to resolve the issue. For teTeX, there is currently no information about a newer version that contains a fix for this vulnerability.

DoS

Weakness Enumeration

Related Identifiers

CVE-2010-1440
RHSA-2010:0399
RHSA-2010:0400
RHSA-2010:0401
RHSA-2010_0399
RHSA-2010_0400

Affected Products

Red Hat
TeX Live
teTeX