CVE-2007-5937
published 2007-11-13CVE-2007-5937: Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a…
PriorityP428medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
3.15%
86.3th percentile
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | texlive-bin | < texlive-bin 2007-13 (bookworm) | texlive-bin 2007-13 (bookworm) |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3v5h-fmqv-x9mj: Multiple buffer overflows in dvi2xx
ghsa_unreviewed·2022-05-01
CVE-2007-5937 [MEDIUM] CWE-119 GHSA-3v5h-fmqv-x9mj: Multiple buffer overflows in dvi2xx
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
OSV
CVE-2007-5937: Multiple buffer overflows in dvi2xx
osv·2007-11-13·CVSS 6.8
CVE-2007-5937 [MEDIUM] CVE-2007-5937: Multiple buffer overflows in dvi2xx
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
Ubuntu
teTeX and TeX Live vulnerabilities
vendor_ubuntu·2007-12-06·CVSS 6.8
CVE-2007-5937 [MEDIUM] teTeX and TeX Live vulnerabilities
Title: teTeX and TeX Live vulnerabilities
Summary: teTeX and TeX Live vulnerabilities
Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)
Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a
Red Hat
Multiple dviljk buffer overflows
vendor_redhat·2007-11-06·CVSS 6.8
CVE-2007-5937 [MEDIUM] Multiple dviljk buffer overflows
Multiple dviljk buffer overflows
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
Statement: Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide dviljk binary.
Debian
CVE-2007-5937: texlive-bin - Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and ea...
vendor_debian·2007·CVSS 6.8
CVE-2007-5937 [MEDIUM] CVE-2007-5937: texlive-bin - Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and ea...
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
Scope: local
bookworm: resolved (fixed in 2007-13)
bullseye: resolved (fixed in 2007-13)
forky: resolved (fixed in 2007-13)
sid: resolved (fixed in 2007-13)
trixie: resolved (fixed in 2007-13)
No detection rules found.
No public exploits indexed.
http://bugs.gentoo.org/attachment.cgi?id=135423http://bugs.gentoo.org/show_bug.cgi?id=198238http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlhttp://secunia.com/advisories/27672http://secunia.com/advisories/27686http://secunia.com/advisories/27718http://secunia.com/advisories/27743http://secunia.com/advisories/27967http://secunia.com/advisories/28107http://secunia.com/advisories/28412http://secunia.com/advisories/30168http://security.gentoo.org/glsa/glsa-200711-26.xmlhttp://security.gentoo.org/glsa/glsa-200711-34.xmlhttp://security.gentoo.org/glsa/glsa-200805-13.xmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266http://www.mandriva.com/security/advisories?name=MDKSA-2007:230http://www.securityfocus.com/archive/1/487984/100/0/threadedhttp://www.securityfocus.com/bid/26469http://www.securitytracker.com/id?1019058http://www.vupen.com/english/advisories/2007/3896https://bugzilla.redhat.com/show_bug.cgi?id=368641https://issues.rpath.com/browse/RPL-1928https://usn.ubuntu.com/554-1/https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.htmlhttp://bugs.gentoo.org/attachment.cgi?id=135423http://bugs.gentoo.org/show_bug.cgi?id=198238http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlhttp://secunia.com/advisories/27672http://secunia.com/advisories/27686http://secunia.com/advisories/27718http://secunia.com/advisories/27743http://secunia.com/advisories/27967http://secunia.com/advisories/28107http://secunia.com/advisories/28412http://secunia.com/advisories/30168http://security.gentoo.org/glsa/glsa-200711-26.xmlhttp://security.gentoo.org/glsa/glsa-200711-34.xmlhttp://security.gentoo.org/glsa/glsa-200805-13.xmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266http://www.mandriva.com/security/advisories?name=MDKSA-2007:230http://www.securityfocus.com/archive/1/487984/100/0/threadedhttp://www.securityfocus.com/bid/26469http://www.securitytracker.com/id?1019058http://www.vupen.com/english/advisories/2007/3896https://bugzilla.redhat.com/show_bug.cgi?id=368641https://issues.rpath.com/browse/RPL-1928https://usn.ubuntu.com/554-1/https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
2007-11-13
Published