CVE-2010-0827 — TEX Live vulnerability

CWE-1897 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

4.5%

top 10.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Texlive-bin TUG TEX Live

Timeline

PublishedMay 7

Latest updateMay 2

Description

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/texlive-bin< texlive-bin 2009-6 (bookworm)

▶NVDtug/tex_live2009+11

🔴Vulnerability Details

GHSA

GHSA-8p99-hj29-qxw6: Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibl↗2022-05-02

▶

OSV

CVE-2010-0827: Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibl↗2010-05-07

▶

📋Vendor Advisories

Ubuntu

TeX Live vulnerabilities↗2010-05-06

▶

Red Hat

texlive: Buffer overflow flaw by processing virtual font files↗2010-03-25

▶

Debian

CVE-2010-0827: texlive-bin - Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote...↗2010

▶

💬Community

Bugzilla

CVE-2010-0827 tetex, texlive: Buffer overflow flaw by processing virtual font files↗2010-03-12

▶