CVE-2010-1440 – texlive: Integer overflow by processing special commands
https://notcve.org/view.php?id=CVE-2010-1440
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739. Múltiples desbordamientos de enteros en dvipsk/dospecial.c en dvips en TeX Live 2009 y anteriores y teTeX, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un comando especial en un fichero DVI, relativo a las funciones (1) predospecial y (2) bbdospecial, vulnerabilidad diferente a CVE-2010-0739. • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://security.gentoo.org/glsa/glsa-201206-28.xml http://www.ubuntu.com/usn/USN-937-1 https://bugzilla.redhat.com/show_bug.cgi?id=586819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068 https://access.redhat.com/security • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2010-0829 – dvipng: Multiple array index errors during DVI-to-PNG translation
https://notcve.org/view.php?id=CVE-2010-0829
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file. Múltiples errores de índice de tabla en set.c en dvipng v1.11 y v1.12, y teTeX, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de una fichero DVI mal formado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041587.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39914 http://www.debian.org/security/2010/dsa-2048 http://www.ubuntu.com/usn/USN-936-1 http://www.vupen.com/english/advisories/2010/1219 https://bugzilla.redhat.com/show_bug.cgi?id=573999 https://oval.cisecurity.org/repository • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0739 – texlive: Integer overflow by processing special commands
https://notcve.org/view.php?id=CVE-2010-0739
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Desbordamiento de enteros en la función predospecial en dospecial.c en dvips en (1) TeX Live y (2) teTeX puede permitir a atacantes asistidos por usuarios ejecutar código a través de un fichero DVI manipulado que lanza un desbordamiento de búfer basado en pila. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39390 http://security.gentoo.org/glsa/glsa-201206-28.xml http://www.securityfocus.com/bid/39500 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2007-5940
https://notcve.org/view.php?id=CVE-2007-5940
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. feynmf.pl en feynmf 1.08, tal y como se utiliza en TeXLive 2007, permite a usuarios locales sobrescribit archivos de su eleción y ejecutar código de su elección a través de un ataque de enlace simbólico sobre el archivo temporal feynmf$$.pl. • http://bugs.gentoo.org/show_bug.cgi?id=198231 http://osvdb.org/42397 http://secunia.com/advisories/27737 http://secunia.com/advisories/27739 http://security.gentoo.org/glsa/glsa-200711-32.xml http://www.securityfocus.com/bid/26507 http://www.vupen.com/english/advisories/2007/3974 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-5935 – dvips -z buffer overflow with long href
https://notcve.org/view.php?id=CVE-2007-5935
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. Desbodarmiento de búfer basado en pila en hpc.c en dvips en teTeX y TeXlive 2007 y anteriores permite a atacantes con la intervención del usuario ejecutar código de su elección a través de un archivo DVI conm una etiqueta href larga. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081 http://bugs.gentoo.org/show_bug.cgi?id=198238 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/27672 http://secunia.com/advisories/27686 http://secunia.com/advisories/27718 http://secunia.com/advisories/27743 http://secunia.com/advisories/27967 http://secunia.com/advisories/28107 http://secuni • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •