CVE-2007-5935
published 2007-11-13CVE-2007-5935: Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file…
PriorityP426medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
3.95%
89.1th percentile
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | texlive-bin | < texlive-bin 2007.dfsg.1-1 (bookworm) | texlive-bin 2007.dfsg.1-1 (bookworm) |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
teTeX and TeX Live vulnerabilities
vendor_ubuntu·2007-12-06·CVSS 6.8
CVE-2007-5937 [MEDIUM] teTeX and TeX Live vulnerabilities
Title: teTeX and TeX Live vulnerabilities
Summary: teTeX and TeX Live vulnerabilities
Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)
Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a
Red Hat
dvips -z buffer overflow with long href
vendor_redhat·2007-10-17·CVSS 6.8
CVE-2007-5935 [MEDIUM] dvips -z buffer overflow with long href
dvips -z buffer overflow with long href
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
Statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5935
The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.
Debian
CVE-2007-5935: texlive-bin - Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earl...
vendor_debian·2007·CVSS 6.8
CVE-2007-5935 [MEDIUM] CVE-2007-5935: texlive-bin - Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earl...
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
Scope: local
bookworm: resolved (fixed in 2007.dfsg.1-1)
bullseye: resolved (fixed in 2007.dfsg.1-1)
forky: resolved (fixed in 2007.dfsg.1-1)
sid: resolved (fixed in 2007.dfsg.1-1)
trixie: resolved (fixed in 2007.dfsg.1-1)
GHSA
GHSA-m7c5-9grq-3jqp: Stack-based buffer overflow in hpc
ghsa_unreviewed·2022-05-01
CVE-2007-5935 [MEDIUM] CWE-119 GHSA-m7c5-9grq-3jqp: Stack-based buffer overflow in hpc
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
OSV
CVE-2007-5935: Stack-based buffer overflow in hpc
osv·2007-11-13·CVSS 6.8
CVE-2007-5935 [MEDIUM] CVE-2007-5935: Stack-based buffer overflow in hpc
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081http://bugs.gentoo.org/show_bug.cgi?id=198238http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlhttp://secunia.com/advisories/27672http://secunia.com/advisories/27686http://secunia.com/advisories/27718http://secunia.com/advisories/27743http://secunia.com/advisories/27967http://secunia.com/advisories/28107http://secunia.com/advisories/28412http://secunia.com/advisories/30168http://security.gentoo.org/glsa/glsa-200711-26.xmlhttp://security.gentoo.org/glsa/glsa-200711-34.xmlhttp://security.gentoo.org/glsa/glsa-200805-13.xmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266http://www.mandriva.com/security/advisories?name=MDKSA-2007:230http://www.securityfocus.com/archive/1/487984/100/0/threadedhttp://www.securityfocus.com/bid/26469http://www.securitytracker.com/id?1019058http://www.vupen.com/english/advisories/2007/3896https://bugzilla.redhat.com/show_bug.cgi?id=368591https://issues.rpath.com/browse/RPL-1928https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311https://usn.ubuntu.com/554-1/https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.htmlhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081http://bugs.gentoo.org/show_bug.cgi?id=198238http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlhttp://secunia.com/advisories/27672http://secunia.com/advisories/27686http://secunia.com/advisories/27718http://secunia.com/advisories/27743http://secunia.com/advisories/27967http://secunia.com/advisories/28107http://secunia.com/advisories/28412http://secunia.com/advisories/30168http://security.gentoo.org/glsa/glsa-200711-26.xmlhttp://security.gentoo.org/glsa/glsa-200711-34.xmlhttp://security.gentoo.org/glsa/glsa-200805-13.xmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266http://www.mandriva.com/security/advisories?name=MDKSA-2007:230http://www.securityfocus.com/archive/1/487984/100/0/threadedhttp://www.securityfocus.com/bid/26469http://www.securitytracker.com/id?1019058http://www.vupen.com/english/advisories/2007/3896https://bugzilla.redhat.com/show_bug.cgi?id=368591https://issues.rpath.com/browse/RPL-1928https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311https://usn.ubuntu.com/554-1/https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
2007-11-13
Published