CVE-2007-5936 — Insecure Temporary File in Texlive-bin

CWE-264 CWE-377 — Insecure Temporary File7 documents7 sources

Severity

3.6LOWNVD

EPSS

0.1%

top 73.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Texlive-bin

Timeline

PublishedNov 13

Latest updateMay 1

Description

dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶debiandebian/texlive-bin< texlive-bin 2007-13 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-h8g9-jwcj-22mf: dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary f↗2022-05-01

▶

OSV

CVE-2007-5936: dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary f↗2007-11-13

▶

📋Vendor Advisories

Ubuntu

teTeX and TeX Live vulnerabilities↗2007-12-06

▶

Red Hat

dviljk uses insecure temporary file↗2007-11-06

▶

Debian

CVE-2007-5936: texlive-bin - dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensiti...↗2007

▶

💬Community

Bugzilla

CVE-2007-5936 dviljk uses insecure temporary file↗2007-11-06

▶