CVE-2011-5244
https://notcve.org/view.php?id=CVE-2011-5244
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. Multiples errores off-by-one en las funciones (1) token y (2) linetoken en backend/dvi/MDVI-lib/afmparse.c en t1lib, tal y como se utiliza en teTeX v3.0.x, GNOME Evince, y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un archivo que contiene un fichero DVI hecho a mano que contiene un archivo Adobe Font Metrics (AFM). Se trata de una vulnerabilidad diferente a CVE-2010-2642 y CVE-2011-0433. • http://git.gnome.org/browse/evince/commit/?id=439c5070022e http://git.gnome.org/browse/evince/commit/?id=d4139205b010 http://www.openwall.com/lists/oss-security/2011/03/04/21 https://bugzilla.gnome.org/show_bug.cgi?id=643882 https://exchange.xforce.ibmcloud.com/vulnerabilities/80271 https://security.gentoo.org/glsa/201701-57 • CWE-189: Numeric Errors •
CVE-2011-0433 – t1lib: Heap-based buffer overflow DVI file AFM font parser
https://notcve.org/view.php?id=CVE-2011-0433
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función linetoken en afmparse.c en t1lib, tal y como se utiliza en teTeX v3.0.x, GNOME Evince, y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un archivo que contiene un DVI que contiene un archivo Adobe Font Metrics (AFM) hecho a mano. Se trata de una vulnerabilidad diferente a CVE-2010-2642. • http://rhn.redhat.com/errata/RHSA-2012-1201.html http://secunia.com/advisories/48985 http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow https://bugzilla.gnome.org/show_bug.cgi?id=640923 https://bugzilla.redhat.com/show_bug.cgi?id=679732 https://security.gentoo.org/glsa/201701-57 https://access.redhat.com/security/cve/CVE-2011-0433 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2009-3608 – xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
https://notcve.org/view.php?id=CVE-2009-3608
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Desbordamiento de entero en la función ObjectStream::ObjectStream en XRef.cc en Xpdf y Poppler, usado en GPdf, kdegraphics KPDF, y CUPS pdftopf y teTeX, podría permitir a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org http://secunia.com/advisories/37028 http://secunia.com/advisories/37034 http://secunia.com/advi • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2007-5936
https://notcve.org/view.php?id=CVE-2007-5936
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. dvips en teTex y TeXlive 2007 y anteriores permite a usuarios locales obtener información sensible y modificar ciertos datos a través de la creación de ciertos archivos temporales antes de que sean procesados por dviljk, lo cual permite que puedan ser leidos o modificados en el lugar. • http://bugs.gentoo.org/attachment.cgi?id=135423 http://bugs.gentoo.org/show_bug.cgi?id=198238 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://osvdb.org/42238 http://secunia.com/advisories/27672 http://secunia.com/advisories/27686 http://secunia.com/advisories/27718 http://secunia.com/advisories/27743 http://secunia.com/advisories/27967 http://secunia.com/advisories/2810 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5935 – dvips -z buffer overflow with long href
https://notcve.org/view.php?id=CVE-2007-5935
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. Desbodarmiento de búfer basado en pila en hpc.c en dvips en teTeX y TeXlive 2007 y anteriores permite a atacantes con la intervención del usuario ejecutar código de su elección a través de un archivo DVI conm una etiqueta href larga. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081 http://bugs.gentoo.org/show_bug.cgi?id=198238 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/27672 http://secunia.com/advisories/27686 http://secunia.com/advisories/27718 http://secunia.com/advisories/27743 http://secunia.com/advisories/27967 http://secunia.com/advisories/28107 http://secuni • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •