Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Tug Tex live 1999 (not an official CPE)
Tug Tetex (not an official CPE)
Tug Tex live 2000 (not an official CPE)
Tug Tex live 2001 (not an official CPE)
Tug Tex live 2007 (not an official CPE)
Tug Tex live 1996 (not an official CPE)
Tug Tex live 2008 (not an official CPE)
Tug Tex live 2009 (not an official CPE)
Tug Tex live 1998 (not an official CPE)
Tug Tex live 2002 (not an official CPE)
Tug Tex live 2003 (not an official CPE)
Tug Tex live 2004 (not an official CPE)
Tug Tex live 2005 (not an official CPE)
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=586819 | |||
| USN-937-1 | |||
| GLSA-201206-28 | |||
| SUSE-SR:2010:013 | |||
| SUSE-SR:2010:012 | |||
| FEDORA-2010-8273 |