CVE-2007-5936
Mandriva Linux Security Advisory 2007.230
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
dvips en teTex y TeXlive 2007 y anteriores permite a usuarios locales obtener información sensible y modificar ciertos datos a través de la creación de ciertos archivos temporales antes de que sean procesados por dviljk, lo cual permite que puedan ser leidos o modificados en el lugar.
A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-11-13 CVE Reserved
- 2007-11-13 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| http://bugs.gentoo.org/attachment.cgi?id=135423 | X_refsource_misc | |
| http://bugs.gentoo.org/show_bug.cgi?id=198238 | X_refsource_confirm | |
| http://osvdb.org/42238 | Vdb Entry | |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/487984/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26469 | Vdb Entry | |
| http://www.securitytracker.com/id?1019058 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/3896 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=368611 | X_refsource_confirm | |
| https://issues.rpath.com/browse/RPL-1928 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | 2018-10-15 | |
| http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html | 2018-10-15 | |
| http://secunia.com/advisories/27672 | 2018-10-15 | |
| http://secunia.com/advisories/27686 | 2018-10-15 | |
| http://secunia.com/advisories/27718 | 2018-10-15 | |
| http://secunia.com/advisories/27743 | 2018-10-15 | |
| http://secunia.com/advisories/27967 | 2018-10-15 | |
| http://secunia.com/advisories/28107 | 2018-10-15 | |
| http://secunia.com/advisories/28412 | 2018-10-15 | |
| http://secunia.com/advisories/30168 | 2018-10-15 | |
| http://security.gentoo.org/glsa/glsa-200711-26.xml | 2018-10-15 | |
| http://security.gentoo.org/glsa/glsa-200711-34.xml | 2018-10-15 | |
| http://security.gentoo.org/glsa/glsa-200805-13.xml | 2018-10-15 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 | 2018-10-15 | |
| https://usn.ubuntu.com/554-1 | 2018-10-15 | |
| https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tetex Search vendor "Tetex" | Tetex Search vendor "Tetex" for product "Tetex" | * | - |
Affected
| ||||||
| Tug Search vendor "Tug" | Texlive 2007 Search vendor "Tug" for product "Texlive 2007" | * | - |
Affected
| ||||||