Lucene search

[email protected]CVE-2010-0827

HistoryMay 07, 2010 - 6:24 p.m.

CVE-2010-0827

2010-05-0718:24:15

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-0827

integer overflow

dvips

tex live

application crash

arbitrary code

remote attackers

denial of service

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.7%

JSON

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.

Affected configurations

NVD

Node

tugtex_liveRange≤2009

tugtex_liveMatch1996

tugtex_liveMatch1998

tugtex_liveMatch1999

tugtex_liveMatch2000

tugtex_liveMatch2001

tugtex_liveMatch2002

tugtex_liveMatch2003

tugtex_liveMatch2004

tugtex_liveMatch2005

tugtex_liveMatch2007

tugtex_liveMatch2008

Node

tugtetex

CPENameOperatorVersion
tug:tex_livetug tex livele2009
tug:tex_livetug tex liveeq1996
tug:tex_livetug tex liveeq1998
tug:tex_livetug tex liveeq1999
tug:tex_livetug tex liveeq2000
tug:tex_livetug tex liveeq2001
tug:tex_livetug tex liveeq2002
tug:tex_livetug tex liveeq2003
tug:tex_livetug tex liveeq2004
tug:tex_livetug tex liveeq2005

CPE	Name	Operator	Version
tug:tex_live	tug tex live	le	2009
tug:tex_live	tug tex live	eq	1996
tug:tex_live	tug tex live	eq	1998
tug:tex_live	tug tex live	eq	1999
tug:tex_live	tug tex live	eq	2000
tug:tex_live	tug tex live	eq	2001
tug:tex_live	tug tex live	eq	2002
tug:tex_live	tug tex live	eq	2003
tug:tex_live	tug tex live	eq	2004
tug:tex_live	tug tex live	eq	2005