Veracode Vulnerability DatabaseVERACODE:24045Arbitrary Code Execution
0.145 Low
EPSS
Percentile
95.8%
tetex is vulnerable to arbitrary code execution. The vulnerability exists through multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tetex | eq | 3.0__33.2.el5_1.2 | |
| tetex | eq | 3.0__33.1.el5 | |
| tetex | eq | 3.0__33.2.el5_1.2 | |
| tetex | eq | 3.0__33.1.el5 |
References
git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
secunia.com/advisories/39390
security.gentoo.org/glsa/glsa-201206-28.xml
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/bid/39500
www.ubuntu.com/usn/USN-937-1
access.redhat.com/errata/RHSA-2010:0399
access.redhat.com/errata/RHSA-2010:0400
access.redhat.com/errata/RHSA-2010:0401
access.redhat.com/security/cve/CVE-2010-0739
bugzilla.redhat.com/show_bug.cgi?id=572941
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468
Related
