CVE-2010-0827
Published: 2010-05-07
Priority P430 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.44% (90.2th percentile)
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | texlive-bin | < texlive-bin 2009-6 (bookworm) | texlive-bin 2009-6 (bookworm) |
| tug | tex_live | <= 2009 | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
| tug | tex_live | — | — |
CVSS provenance
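| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |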
GHSA
GHSA-8p99-hj29-qxw6 (CVE-2010-0827) [MEDIUM]
ghsa_unreviewed · 2022-05-02
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
OSV
CVE-2010-0827 [MEDIUM]
osv · 2010-05-07 · CVSS 6.8
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Ubuntu
TeX Live vulnerabilities
vendor_ubuntu · 2010-05-06 · CVSS 5.0
CVE-2009-1284 [MEDIUM]
It was discovered that TeX Live incorrectly handled certain long .bib bibliography files. If a user or automated system were tricked into processing a specially crafted bib file, an attacker could cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284)
Marc Schoenefeld, Karel Šrot and Ludwig Nussel discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0739, CVE-2010-1440)
Dan Rosenberg
Red Hat
texlive: Buffer overflow flaw by processing virtual font files
vendor_redhat · 2010-03-25 · CVSS 6.8
CVE-2010-0827 [MEDIUM]
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Debian
CVE-2010-0827 [MEDIUM]: texlive-bin
vendor_debian · 2010 · CVSS 6.8
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Scope: local
bookworm: resolved (fixed in 2009-6)
bullseye: resolved (fixed in 2009-6)
forky: resolved (fixed in 2009-6)
sid: resolved (fixed in 2009-6)
trixie: resolved (fixed in 2009-6)
No detection rules found.
No public exploits indexed.
References
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://security-tracker.debian.org/tracker/CVE-2010-0827
http://security.gentoo.org/glsa/glsa-201206-28.xml
http://www.securityfocus.com/bid/39971
http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095
http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log
http://www.ubuntu.com/usn/USN-937-1
https://bugzilla.redhat.com/show_bug.cgi?id=572914
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052