CVE-2007-5936
Published 2007-11-13
CVE-2007-5936: dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files…
Priority: P47 · low · 3.6 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:P/A:N
EPSS: 0.40% (31.8th percentile)
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | texlive-bin | < texlive-bin 2007-13 (bookworm) | texlive-bin 2007-13 (bookworm) |
CVSS provenance
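| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
| osv | | 3.6 | LOW | |
| vendor_ubuntu | | 6.8 | MEDIUM | |
| vendor_debian | | 3.6 | LOW | |
| vendor_redhat | | 3.6 | LOW | |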
Ubuntu
teTeX and TeX Live vulnerabilities
vendor_ubuntu·2007-12-06·CVSS 6.8
CVE-2007-5937 [MEDIUM] teTeX and TeX Live vulnerabilities
Title: teTeX and TeX Live vulnerabilities
Summary: teTeX and TeX Live vulnerabilities
Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)
Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a
Red Hat
dviljk uses insecure temporary file
vendor_redhat·2007-11-06·CVSS 3.6
CVE-2007-5936 [LOW] CWE-377 dviljk uses insecure temporary file
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
Statement: Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide the dviljk binary.
Debian
CVE-2007-5936: texlive-bin - dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensiti...
vendor_debian·2007·CVSS 3.6
CVE-2007-5936 [LOW] CVE-2007-5936: texlive-bin - dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensiti...
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
Scope: local
bookworm: resolved (fixed in 2007-13)
bullseye: resolved (fixed in 2007-13)
forky: resolved (fixed in 2007-13)
sid: resolved (fixed in 2007-13)
trixie: resolved (fixed in 2007-13)
GHSA
GHSA-h8g9-jwcj-22mf: dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary f
ghsa_unreviewed·2022-05-01
CVE-2007-5936 [LOW] GHSA-h8g9-jwcj-22mf: dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary f
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
OSV
CVE-2007-5936: dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary f
osv·2007-11-13·CVSS 3.6
CVE-2007-5936 [LOW] CVE-2007-5936: dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary f
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
No detection rules found.
No public exploits indexed.
References
- http://bugs.gentoo.org/attachment.cgi?id=135423
- http://bugs.gentoo.org/show_bug.cgi?id=198238
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
- http://osvdb.org/42238
- http://secunia.com/advisories/27672
- http://secunia.com/advisories/27686
- http://secunia.com/advisories/27718
- http://secunia.com/advisories/27743
- http://secunia.com/advisories/27967
- http://secunia.com/advisories/28107
- http://secunia.com/advisories/28412
- http://secunia.com/advisories/30168
- http://security.gentoo.org/glsa/glsa-200711-26.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
- http://www.securityfocus.com/archive/1/487984/100/0/threaded
- http://www.securityfocus.com/bid/26469
- http://www.securitytracker.com/id?1019058
- http://www.vupen.com/english/advisories/2007/3896
- https://bugzilla.redhat.com/show_bug.cgi?id=368611
- https://issues.rpath.com/browse/RPL-1928
- https://usn.ubuntu.com/554-1/
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
Published: 2007-11-13