PT-2011-1029 · Tex Live+4 · Texlive-Debuginfo+15
Huzaifa S. Sidhpurwala +1
Published: 2011-01-06
Updated: 2024-06-15
CVE-2010-2642
CVSS v2.0: 7.6 (High)
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
texlive-debuginfo-2007 versions 2007
texlive-dviutils-2007 versions 2007
texlive-context-2007 versions 2007
texlive-utils-2007 versions 2007
texlive-2007 versions 2007
t1lib versions 5.1.2 and earlier
texlive-dvips-2007 versions 2007
texlive-xetex-2007 versions 2007
mendexk-2.6e versions 2.6e
texlive-afm-2007 versions 2007
kpathsea-2007 versions 2007
kpathsea-devel-2007 versions 2007
texlive-east-asian-2007 versions 2007
texlive-latex-2007 versions 2007
Description
The issue concerns multiple vulnerabilities in various packages of the texlive and t1lib software that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A heap-based buffer overflow in the AFM font parser in the dvi-backend component allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file.
Recommendations
For texlive-debuginfo-2007 version 2007, update to a newer version.
For texlive-dviutils-2007 version 2007, update to a newer version.
For texlive-context-2007 version 2007, update to a newer version.
For texlive-utils-2007 version 2007, update to a newer version.
For texlive-2007 version 2007, update to a newer version.
For t1lib version 5.1.2 and earlier, update to a newer version.
For texlive-dvips-2007 version 2007, update to a newer version.
For texlive-xetex-2007 version 2007, update to a newer version.
For mendexk-2.6e version 2.6e, update to a newer version.
For texlive-afm-2007 version 2007, update to a newer version.
For kpathsea-2007 version 2007, update to a newer version.
For kpathsea-devel-2007 version 2007, update to a newer version.
For texlive-east-asian-2007 version 2007, update to a newer version.
For texlive-latex-2007 version 2007, update to a newer version.
As a temporary workaround, consider disabling the AFM font parser in the dvi-backend component until a patch is available.
Fix
DoS
Buffer Overflow
Related identifiers
Affected products
ALT Linux
CentOS
Red Hat
Kpathsea
Kpathsea-Devel
T1Lib
Tex Live
Texlive-Afm
Texlive-Context
Texlive-Debuginfo
Texlive-Dvips
Texlive-Dviutils
Texlive-East-Asian
Texlive-Latex
Texlive-Utils
Texlive-Xetex