6.8
CVSSv2

CVE-2010-0739

Published: 16/04/2010 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote malicious users to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Product

tug tetex

tug tex live

Vendor Advisories

Debian Bug report logs - #580668 texlive-bin: Fix arbitrary code execution via integer overflow Package: texlive-bin; Maintainer for texlive-bin is Debian TeX Maintainers <debian-tex-maint@lists.debian.org>; Reported by: أحمد المحمودي <aelmahmoudy@sabily.org> Date: Fri, 7 May 2010 16:03:01 UTC Severity: ...
It was discovered that TeX Live incorrectly handled certain long .bib bibliography files. If a user or automated system were tricked into processing a specially crafted bib file, an attacker could cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284) ...