CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-17407 – texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
https://notcve.org/view.php?id=CVE-2018-17407
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Se ha descubierto un problema en las funciones t1_check_unusual_charstring en los archivos writet1.c en TeX Live en versiones anteriores al 21/09/2018. Un desbordamiento de búfer en el manejo de fuentes Type 1 permite la ejecución arbitraria de código cuando una fuente maliciosa es cargada por una de las herramientas vulnerables: pdflatex, pdftex, dvips o luatex. • https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c https://lists.debian.org/debian-security-announce/2018/msg00230.html https://usn.ubuntu.com/3788-1 https://usn.ubuntu.com/3788-2 https://www.debian.org/security/2018/dsa-4299 https://access.redhat.com/security/cve/CVE-2018-17407 https://bugzilla.redhat.com/show_bug.cgi?id=1632802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17513
https://notcve.org/view.php?id=CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. TeX Live hasta la versión 20170524 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. Esto se relaciona con linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua y texmf-dist/tex/luatex/lualibs/lualibs-os.lua. • https://security-tracker.debian.org/tracker/CVE-2017-17513 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 4%CPEs: 13EXPL: 0CVE-2010-0827 – texlive: Buffer overflow flaw by processing virtual font files
https://notcve.org/view.php?id=CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. Desbordamiento de entero en dvips en TeX Live 2009 y anteriores, y teTeX, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de una fuente virtual manipulada, asociada a un fichero DVI. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://security-tracker.debian.org/tracker/CVE-2010-0827 http://security.gentoo.org/glsa/glsa-201206-28.xml http://www.securityfocus.com/bid/39971 http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095 http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log http://www.u • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 4%CPEs: 13EXPL: 0CVE-2010-1440 – texlive: Integer overflow by processing special commands
https://notcve.org/view.php?id=CVE-2010-1440
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739. Múltiples desbordamientos de enteros en dvipsk/dospecial.c en dvips en TeX Live 2009 y anteriores y teTeX, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un comando especial en un fichero DVI, relativo a las funciones (1) predospecial y (2) bbdospecial, vulnerabilidad diferente a CVE-2010-0739. • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://security.gentoo.org/glsa/glsa-201206-28.xml http://www.ubuntu.com/usn/USN-937-1 https://bugzilla.redhat.com/show_bug.cgi?id=586819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068 https://access.redhat.com/security&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •