CVE-2007-5935 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Texlive-bin

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

6.3%

top 8.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Texlive-bin

Timeline

PublishedNov 13

Latest updateMay 1

Description

Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶debiandebian/texlive-bin< texlive-bin 2007.dfsg.1-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-m7c5-9grq-3jqp: Stack-based buffer overflow in hpc↗2022-05-01

▶

OSV

CVE-2007-5935: Stack-based buffer overflow in hpc↗2007-11-13

▶

📋Vendor Advisories

Ubuntu

teTeX and TeX Live vulnerabilities↗2007-12-06

▶

Red Hat

dvips -z buffer overflow with long href↗2007-10-17

▶

Debian

CVE-2007-5935: texlive-bin - Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earl...↗2007

▶

💬Community

Bugzilla

CVE-2007-5935 dvips -z buffer overflow with long href↗2007-11-06

▶