Lucene search

[email protected]CVE-2010-1440

HistoryMay 07, 2010 - 6:24 p.m.

CVE-2010-1440

2010-05-0718:24:15

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-1440

integer overflow

dvips

tex live

denial of service

remote attackers

arbitrary code

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.145 Low

EPSS

Percentile

95.8%

JSON

Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.

Affected configurations

NVD

Node

tugtetex

tugtex_liveRange≤2009

tugtex_liveMatch1996

tugtex_liveMatch1998

tugtex_liveMatch1999

tugtex_liveMatch2000

tugtex_liveMatch2001

tugtex_liveMatch2002

tugtex_liveMatch2003

tugtex_liveMatch2004

tugtex_liveMatch2005

tugtex_liveMatch2007

tugtex_liveMatch2008

CPENameOperatorVersion
tug:tetextug tetexeq*
tug:tex_livetug tex livele2009
tug:tex_livetug tex liveeq1996
tug:tex_livetug tex liveeq1998
tug:tex_livetug tex liveeq1999
tug:tex_livetug tex liveeq2000
tug:tex_livetug tex liveeq2001
tug:tex_livetug tex liveeq2002
tug:tex_livetug tex liveeq2003
tug:tex_livetug tex liveeq2004

CPE	Name	Operator	Version
tug:tetex	tug tetex	eq	*
tug:tex_live	tug tex live	le	2009
tug:tex_live	tug tex live	eq	1996
tug:tex_live	tug tex live	eq	1998
tug:tex_live	tug tex live	eq	1999
tug:tex_live	tug tex live	eq	2000
tug:tex_live	tug tex live	eq	2001
tug:tex_live	tug tex live	eq	2002
tug:tex_live	tug tex live	eq	2003
tug:tex_live	tug tex live	eq	2004