
17 vulnerabilities by tug

CVE-2023-32700 (GCVE-0-2023-32700)

Vulnerability from cvelistv5 – Published: 2023-05-20 00:00 – Updated: 2025-01-31 15:30
Summary
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
CWE
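  • n/a (none assigned by the CNA; the CISA-ADP container in the record below lists CWE-77, Command Injection)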

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tug.org/~mseven/luatex.html"
          },
          {
            "name": "FEDORA-2023-38094d905c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/"
          },
          {
            "name": "FEDORA-2023-d261122726",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-32700",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T18:11:48.823924Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-31T15:30:02.807Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-04T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html"
        },
        {
          "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"
        },
        {
          "url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984"
        },
        {
          "url": "https://tug.org/~mseven/luatex.html"
        },
        {
          "name": "FEDORA-2023-38094d905c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/"
        },
        {
          "name": "FEDORA-2023-d261122726",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-32700",
    "datePublished": "2023-05-20T00:00:00.000Z",
    "dateReserved": "2023-05-11T00:00:00.000Z",
    "dateUpdated": "2025-01-31T15:30:02.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32668 (GCVE-0-2023-32668)

Vulnerability from cvelistv5 – Published: 2023-05-11 00:00 – Updated: 2025-11-03 21:48
Summary
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:48:34.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tug.org/~mseven/luatex.html#luasocket"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00032.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-32668",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T16:40:54.472873Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-27T16:41:03.571Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-20T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html"
        },
        {
          "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"
        },
        {
          "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3"
        },
        {
          "url": "https://tug.org/~mseven/luatex.html#luasocket"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-32668",
    "datePublished": "2023-05-11T00:00:00.000Z",
    "dateReserved": "2023-05-11T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:48:34.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2018-17407 (GCVE-0-2018-17407)

Vulnerability from cvelistv5 – Published: 2018-09-23 21:00 – Updated: 2024-08-05 10:47
Summary
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c x_refsource_MISC
https://www.debian.org/security/2018/dsa-4299 vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-security-announce/2018/msg00230.html x_refsource_MISC
https://usn.ubuntu.com/3788-1/ vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/3788-2/ vendor-advisory, x_refsource_UBUNTU
Date Public
2018-09-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:47:04.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c"
          },
          {
            "name": "DSA-4299",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4299"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-security-announce/2018/msg00230.html"
          },
          {
            "name": "USN-3788-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3788-1/"
          },
          {
            "name": "USN-3788-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3788-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-24T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c"
        },
        {
          "name": "DSA-4299",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4299"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.debian.org/debian-security-announce/2018/msg00230.html"
        },
        {
          "name": "USN-3788-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3788-1/"
        },
        {
          "name": "USN-3788-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3788-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
              "refsource": "MISC",
              "url": "https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c"
            },
            {
              "name": "DSA-4299",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4299"
            },
            {
              "name": "https://lists.debian.org/debian-security-announce/2018/msg00230.html",
              "refsource": "MISC",
              "url": "https://lists.debian.org/debian-security-announce/2018/msg00230.html"
            },
            {
              "name": "USN-3788-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3788-1/"
            },
            {
              "name": "USN-3788-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3788-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17407",
    "datePublished": "2018-09-23T21:00:00.000Z",
    "dateReserved": "2018-09-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:47:04.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17513 (GCVE-0-2017-17513)

Vulnerability from cvelistv5 – Published: 2017-12-14 16:00 – Updated: 2024-08-05 20:51
Summary
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.
Severity
No CVSS data available.
CWE
  • n/a
Date Public
2017-12-14 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2017-17513"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-14T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-17513"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2017-17513",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2017-17513"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17513",
    "datePublished": "2017-12-14T16:00:00.000Z",
    "dateReserved": "2017-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T20:51:31.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0296 (GCVE-0-2015-0296)

Vulnerability from cvelistv5 – Published: 2017-10-06 22:00 – Updated: 2024-08-06 04:03
Summary
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
Severity
No CVSS data available.
CWE
  • n/a
Date Public
2015-02-27 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2015-4332",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html"
          },
          {
            "name": "72826",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72826"
          },
          {
            "name": "FEDORA-2015-4872",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html"
          },
          {
            "name": "[oss-security] 20150227 CVE-2015-0296 preinstall scriptlet in texlive-base rpm of fedora allows unprivileged user to delete arbitrary files(maybe others)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/02/27/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user\u0027s home directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-06T21:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2015-4332",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html"
        },
        {
          "name": "72826",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72826"
        },
        {
          "name": "FEDORA-2015-4872",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html"
        },
        {
          "name": "[oss-security] 20150227 CVE-2015-0296 preinstall scriptlet in texlive-base rpm of fedora allows unprivileged user to delete arbitrary files(maybe others)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/02/27/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197082"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0296",
    "datePublished": "2017-10-06T22:00:00.000Z",
    "dateReserved": "2014-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:03:10.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5701 (GCVE-0-2015-5701)

Vulnerability from cvelistv5 – Published: 2017-08-25 18:00 – Updated: 2024-08-06 06:59
Summary
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
Severity
No CVSS data available.
CWE
  • n/a
Date Public
2015-01-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:04.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.  NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-25T17:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.  NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139"
            },
            {
              "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log",
              "refsource": "CONFIRM",
              "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log"
            },
            {
              "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885",
              "refsource": "CONFIRM",
              "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5701",
    "datePublished": "2017-08-25T18:00:00.000Z",
    "dateReserved": "2015-07-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:59:04.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5700 (GCVE-0-2015-5700)

Vulnerability from cvelistv5 – Published: 2017-08-25 18:00 – Updated: 2024-08-06 06:59
Summary
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2015-01-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:03.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167"
          },
          {
            "name": "USN-3788-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3788-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167"
        },
        {
          "name": "USN-3788-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3788-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5700",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/07/30/6"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139"
            },
            {
              "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log",
              "refsource": "CONFIRM",
              "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log"
            },
            {
              "name": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885",
              "refsource": "CONFIRM",
              "url": "https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613\u0026r2=22885"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181167"
            },
            {
              "name": "USN-3788-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3788-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5700",
    "datePublished": "2017-08-25T18:00:00.000Z",
    "dateReserved": "2015-07-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:59:03.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-10243 (GCVE-0-2016-10243)

Vulnerability from cvelistv5 – Published: 2017-05-02 14:00 – Updated: 2024-08-06 03:14
Summary
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2016-11-28 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:14:42.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"
          },
          {
            "name": "FEDORA-2017-a8add6c46c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tug.org/svn/texlive?view=revision\u0026revision=42605"
          },
          {
            "name": "GLSA-201709-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201709-07"
          },
          {
            "name": "DSA-3803",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3803"
          },
          {
            "name": "[oss-security] 20170305 TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be run as external program",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/03/05/1"
          },
          {
            "name": "96593",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96593"
          },
          {
            "name": "FEDORA-2017-b72cafa5b4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"
        },
        {
          "name": "FEDORA-2017-a8add6c46c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tug.org/svn/texlive?view=revision\u0026revision=42605"
        },
        {
          "name": "GLSA-201709-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201709-07"
        },
        {
          "name": "DSA-3803",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3803"
        },
        {
          "name": "[oss-security] 20170305 TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be run as external program",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/03/05/1"
        },
        {
          "name": "96593",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96593"
        },
        {
          "name": "FEDORA-2017-b72cafa5b4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/",
              "refsource": "MISC",
              "url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"
            },
            {
              "name": "FEDORA-2017-a8add6c46c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"
            },
            {
              "name": "https://www.tug.org/svn/texlive?view=revision\u0026revision=42605",
              "refsource": "CONFIRM",
              "url": "https://www.tug.org/svn/texlive?view=revision\u0026revision=42605"
            },
            {
              "name": "GLSA-201709-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201709-07"
            },
            {
              "name": "DSA-3803",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3803"
            },
            {
              "name": "[oss-security] 20170305 TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be run as external program",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/03/05/1"
            },
            {
              "name": "96593",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96593"
            },
            {
              "name": "FEDORA-2017-b72cafa5b4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10243",
    "datePublished": "2017-05-02T14:00:00.000Z",
    "dateReserved": "2017-03-05T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:14:42.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2642 (GCVE-0-2010-2642)

Vulnerability from cvelistv5 – Published: 2011-01-07 18:00 – Updated: 2024-08-07 02:39
Summary
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://lists.mandriva.com/security-announce/2011-… vendor-advisory, x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/42872 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0043 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0029 vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/42769 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1201.html vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0097 vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0193 vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2011/dsa-2357 vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-1035-1 vendor-advisory, x_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2011/0102 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/42821 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2011/0056 vdb-entry, x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=666318 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2011-00… vendor-advisory, x_refsource_REDHAT
http://git.gnome.org/browse/evince/commit/?id=d41… x_refsource_CONFIRM
http://www.securitytracker.com/id?1024937 vdb-entry, x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-… vendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/45678 vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201701-57 vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/42847 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0194 vdb-entry, x_refsource_VUPEN
Date Public
2011-01-05 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2011:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
          },
          {
            "name": "MDVSA-2011:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:016"
          },
          {
            "name": "42872",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42872"
          },
          {
            "name": "ADV-2011-0043",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0043"
          },
          {
            "name": "ADV-2011-0029",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0029"
          },
          {
            "name": "FEDORA-2011-0224",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
          },
          {
            "name": "42769",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42769"
          },
          {
            "name": "SUSE-SR:2011:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
          },
          {
            "name": "RHSA-2012:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
          },
          {
            "name": "ADV-2011-0097",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0097"
          },
          {
            "name": "ADV-2011-0193",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0193"
          },
          {
            "name": "DSA-2357",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2357"
          },
          {
            "name": "USN-1035-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1035-1"
          },
          {
            "name": "MDVSA-2011:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:017"
          },
          {
            "name": "ADV-2011-0102",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0102"
          },
          {
            "name": "42821",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42821"
          },
          {
            "name": "MDVSA-2012:144",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
          },
          {
            "name": "ADV-2011-0056",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0056"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666318"
          },
          {
            "name": "RHSA-2011:0009",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
          },
          {
            "name": "1024937",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024937"
          },
          {
            "name": "FEDORA-2011-0208",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
          },
          {
            "name": "45678",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45678"
          },
          {
            "name": "GLSA-201701-57",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-57"
          },
          {
            "name": "42847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42847"
          },
          {
            "name": "ADV-2011-0194",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0194"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2011:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
        },
        {
          "name": "MDVSA-2011:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:016"
        },
        {
          "name": "42872",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42872"
        },
        {
          "name": "ADV-2011-0043",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0043"
        },
        {
          "name": "ADV-2011-0029",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0029"
        },
        {
          "name": "FEDORA-2011-0224",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
        },
        {
          "name": "42769",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42769"
        },
        {
          "name": "SUSE-SR:2011:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
        },
        {
          "name": "RHSA-2012:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
        },
        {
          "name": "ADV-2011-0097",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0097"
        },
        {
          "name": "ADV-2011-0193",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0193"
        },
        {
          "name": "DSA-2357",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2357"
        },
        {
          "name": "USN-1035-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1035-1"
        },
        {
          "name": "MDVSA-2011:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:017"
        },
        {
          "name": "ADV-2011-0102",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0102"
        },
        {
          "name": "42821",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42821"
        },
        {
          "name": "MDVSA-2012:144",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
        },
        {
          "name": "ADV-2011-0056",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0056"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666318"
        },
        {
          "name": "RHSA-2011:0009",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
        },
        {
          "name": "1024937",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024937"
        },
        {
          "name": "FEDORA-2011-0208",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
        },
        {
          "name": "45678",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45678"
        },
        {
          "name": "GLSA-201701-57",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-57"
        },
        {
          "name": "42847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42847"
        },
        {
          "name": "ADV-2011-0194",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2642",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2011:005",
              "refsource": "MANDRIVA",
              "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
            },
            {
              "name": "MDVSA-2011:016",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:016"
            },
            {
              "name": "42872",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42872"
            },
            {
              "name": "ADV-2011-0043",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0043"
            },
            {
              "name": "ADV-2011-0029",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0029"
            },
            {
              "name": "FEDORA-2011-0224",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
            },
            {
              "name": "42769",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42769"
            },
            {
              "name": "SUSE-SR:2011:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
            },
            {
              "name": "RHSA-2012:1201",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
            },
            {
              "name": "ADV-2011-0097",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0097"
            },
            {
              "name": "ADV-2011-0193",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0193"
            },
            {
              "name": "DSA-2357",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2357"
            },
            {
              "name": "USN-1035-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1035-1"
            },
            {
              "name": "MDVSA-2011:017",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:017"
            },
            {
              "name": "ADV-2011-0102",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0102"
            },
            {
              "name": "42821",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42821"
            },
            {
              "name": "MDVSA-2012:144",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
            },
            {
              "name": "ADV-2011-0056",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0056"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=666318",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666318"
            },
            {
              "name": "RHSA-2011:0009",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
            },
            {
              "name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
            },
            {
              "name": "1024937",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024937"
            },
            {
              "name": "FEDORA-2011-0208",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
            },
            {
              "name": "45678",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45678"
            },
            {
              "name": "GLSA-201701-57",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-57"
            },
            {
              "name": "42847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42847"
            },
            {
              "name": "ADV-2011-0194",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2642",
    "datePublished": "2011-01-07T18:00:00.000Z",
    "dateReserved": "2010-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T02:39:37.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0829 (GCVE-0-2010-0829)

Vulnerability from cvelistv5 – Published: 2010-05-07 17:43 – Updated: 2024-08-07 00:59
Summary
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://secunia.com/advisories/39914 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1219 vdb-entry, x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041587.html vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9718 vdb-entry, signature, x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html vendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2010/dsa-2048 vendor-advisory, x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=573999 x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-936-1 vendor-advisory, x_refsource_UBUNTU
Date Public
2010-05-06 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39914",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39914"
          },
          {
            "name": "ADV-2010-1219",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1219"
          },
          {
            "name": "FEDORA-2010-8279",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041587.html"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9718",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9718"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "name": "DSA-2048",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2048"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=573999"
          },
          {
            "name": "USN-936-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-936-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "39914",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39914"
        },
        {
          "name": "ADV-2010-1219",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1219"
        },
        {
          "name": "FEDORA-2010-8279",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041587.html"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9718",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9718"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "name": "DSA-2048",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2048"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=573999"
        },
        {
          "name": "USN-936-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-936-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2010-0829",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39914",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39914"
            },
            {
              "name": "ADV-2010-1219",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1219"
            },
            {
              "name": "FEDORA-2010-8279",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041587.html"
            },
            {
              "name": "SUSE-SR:2010:013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9718",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9718"
            },
            {
              "name": "SUSE-SR:2010:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
            },
            {
              "name": "DSA-2048",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2048"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=573999",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=573999"
            },
            {
              "name": "USN-936-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-936-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2010-0829",
    "datePublished": "2010-05-07T17:43:00.000Z",
    "dateReserved": "2010-03-03T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:59:39.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0827 (GCVE-0-2010-0827)

Vulnerability from cvelistv5 – Published: 2010-05-07 17:43 – Updated: 2024-08-07 00:59
Summary
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
Date Public
2010-04-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log"
          },
          {
            "name": "39971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39971"
          },
          {
            "name": "GLSA-201206-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009\u0026r2=18095"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security-tracker.debian.org/tracker/CVE-2010-0827"
          },
          {
            "name": "oval:org.mitre.oval:def:10052",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572914"
          },
          {
            "name": "USN-937-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-937-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log"
        },
        {
          "name": "39971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39971"
        },
        {
          "name": "GLSA-201206-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009\u0026r2=18095"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security-tracker.debian.org/tracker/CVE-2010-0827"
        },
        {
          "name": "oval:org.mitre.oval:def:10052",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572914"
        },
        {
          "name": "USN-937-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-937-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2010-0827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log",
              "refsource": "CONFIRM",
              "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log"
            },
            {
              "name": "39971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39971"
            },
            {
              "name": "GLSA-201206-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
            },
            {
              "name": "SUSE-SR:2010:013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009\u0026r2=18095",
              "refsource": "CONFIRM",
              "url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009\u0026r2=18095"
            },
            {
              "name": "SUSE-SR:2010:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
            },
            {
              "name": "http://security-tracker.debian.org/tracker/CVE-2010-0827",
              "refsource": "CONFIRM",
              "url": "http://security-tracker.debian.org/tracker/CVE-2010-0827"
            },
            {
              "name": "oval:org.mitre.oval:def:10052",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=572914",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572914"
            },
            {
              "name": "USN-937-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-937-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2010-0827",
    "datePublished": "2010-05-07T17:43:00.000Z",
    "dateReserved": "2010-03-03T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:59:39.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1440 (GCVE-0-2010-1440)

Vulnerability from cvelistv5 – Published: 2010-05-07 17:43 – Updated: 2024-08-07 01:21
Summary
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://security.gentoo.org/glsa/glsa-201206-28.xml vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html vendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=586819 x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068 vdb-entry, signature, x_refsource_OVAL
http://www.ubuntu.com/usn/USN-937-1 vendor-advisory, x_refsource_UBUNTU
Date Public
2010-05-06 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:21:19.046Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201206-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586819"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "name": "FEDORA-2010-8273",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10068",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068"
          },
          {
            "name": "USN-937-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-937-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201206-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586819"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "name": "FEDORA-2010-8273",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10068",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068"
        },
        {
          "name": "USN-937-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-937-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1440",
    "datePublished": "2010-05-07T17:43:00.000Z",
    "dateReserved": "2010-04-15T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:21:19.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0739 (GCVE-0-2010-0739)

Vulnerability from cvelistv5 – Published: 2010-04-16 18:00 – Updated: 2024-08-07 00:59
Summary
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/bid/39500 vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-201206-28.xml vendor-advisory, x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468 vdb-entry, signature, x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html vendor-advisory, x_refsource_FEDORA
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=572941 x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-937-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/39390 third-party-advisory, x_refsource_SECUNIA
Date Public
2010-04-13 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39500",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39500"
          },
          {
            "name": "GLSA-201206-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:11468",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "name": "FEDORA-2010-8273",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572941"
          },
          {
            "name": "USN-937-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-937-1"
          },
          {
            "name": "39390",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39390"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "39500",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39500"
        },
        {
          "name": "GLSA-201206-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:11468",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "name": "FEDORA-2010-8273",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=572941"
        },
        {
          "name": "USN-937-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-937-1"
        },
        {
          "name": "39390",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39390"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0739",
    "datePublished": "2010-04-16T18:00:00.000Z",
    "dateReserved": "2010-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:59:39.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5940 (GCVE-0-2007-5940)

Vulnerability from cvelistv5 – Published: 2007-11-13 23:00 – Updated: 2024-08-07 15:47
Summary
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://bugs.gentoo.org/show_bug.cgi?id=198231 x_refsource_CONFIRM
http://secunia.com/advisories/27739 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-32.xml vendor-advisory, x_refsource_GENTOO
http://osvdb.org/42397 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/27737 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3974 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/26507 vdb-entry, x_refsource_BID
Date Public
2007-11-06 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
          },
          {
            "name": "27739",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27739"
          },
          {
            "name": "GLSA-200711-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
          },
          {
            "name": "42397",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42397"
          },
          {
            "name": "27737",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27737"
          },
          {
            "name": "ADV-2007-3974",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3974"
          },
          {
            "name": "26507",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26507"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-28T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
        },
        {
          "name": "27739",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27739"
        },
        {
          "name": "GLSA-200711-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
        },
        {
          "name": "42397",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42397"
        },
        {
          "name": "27737",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27737"
        },
        {
          "name": "ADV-2007-3974",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3974"
        },
        {
          "name": "26507",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26507"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198231",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
            },
            {
              "name": "27739",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27739"
            },
            {
              "name": "GLSA-200711-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
            },
            {
              "name": "42397",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42397"
            },
            {
              "name": "27737",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27737"
            },
            {
              "name": "ADV-2007-3974",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3974"
            },
            {
              "name": "26507",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26507"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5940",
    "datePublished": "2007-11-13T23:00:00.000Z",
    "dateReserved": "2007-11-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:47:00.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5935 (GCVE-0-2007-5935)

Vulnerability from cvelistv5 – Published: 2007-11-13 22:00 – Updated: 2024-08-07 15:47
Summary
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
https://issues.rpath.com/browse/RPL-1928 x_refsource_CONFIRM
http://secunia.com/advisories/27672 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27743 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/28412 third-party-advisory, x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081 x_refsource_CONFIRM
http://secunia.com/advisories/27686 third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/554-1/ vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/26469 vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311 vdb-entry, signature, x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200805-13.xml vendor-advisory, x_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200711-26.xml vendor-advisory, x_refsource_GENTOO
http://bugs.gentoo.org/show_bug.cgi?id=198238 x_refsource_CONFIRM
http://secunia.com/advisories/30168 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=368591 x_refsource_MISC
http://www.vupen.com/english/advisories/2007/3896 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27718 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-34.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/27967 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an… vendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266 x_refsource_CONFIRM
http://www.securitytracker.com/id?1019058 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/28107 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/487984/100… mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
Date Public
2007-10-17 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1928"
          },
          {
            "name": "27672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27672"
          },
          {
            "name": "27743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27743"
          },
          {
            "name": "SUSE-SR:2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
          },
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
          },
          {
            "name": "27686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27686"
          },
          {
            "name": "USN-554-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/554-1/"
          },
          {
            "name": "26469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26469"
          },
          {
            "name": "oval:org.mitre.oval:def:11311",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "GLSA-200711-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
          },
          {
            "name": "ADV-2007-3896",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3896"
          },
          {
            "name": "27718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27718"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "name": "27967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27967"
          },
          {
            "name": "FEDORA-2007-3390",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
          },
          {
            "name": "1019058",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019058"
          },
          {
            "name": "28107",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28107"
          },
          {
            "name": "MDKSA-2007:230",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
          },
          {
            "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1928"
        },
        {
          "name": "27672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27672"
        },
        {
          "name": "27743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27743"
        },
        {
          "name": "SUSE-SR:2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
        },
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
        },
        {
          "name": "27686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27686"
        },
        {
          "name": "USN-554-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/554-1/"
        },
        {
          "name": "26469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26469"
        },
        {
          "name": "oval:org.mitre.oval:def:11311",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "GLSA-200711-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
        },
        {
          "name": "ADV-2007-3896",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3896"
        },
        {
          "name": "27718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27718"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "name": "27967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27967"
        },
        {
          "name": "FEDORA-2007-3390",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
        },
        {
          "name": "1019058",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019058"
        },
        {
          "name": "28107",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28107"
        },
        {
          "name": "MDKSA-2007:230",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
        },
        {
          "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.rpath.com/browse/RPL-1928",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1928"
            },
            {
              "name": "27672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27672"
            },
            {
              "name": "27743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27743"
            },
            {
              "name": "SUSE-SR:2008:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
            },
            {
              "name": "27686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27686"
            },
            {
              "name": "USN-554-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/554-1/"
            },
            {
              "name": "26469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26469"
            },
            {
              "name": "oval:org.mitre.oval:def:11311",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "GLSA-200711-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198238",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=368591",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
            },
            {
              "name": "ADV-2007-3896",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3896"
            },
            {
              "name": "27718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27718"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "27967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27967"
            },
            {
              "name": "FEDORA-2007-3390",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
            },
            {
              "name": "1019058",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019058"
            },
            {
              "name": "28107",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28107"
            },
            {
              "name": "MDKSA-2007:230",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
            },
            {
              "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5935",
    "datePublished": "2007-11-13T22:00:00.000Z",
    "dateReserved": "2007-11-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:47:00.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5936 (GCVE-0-2007-5936)

Vulnerability from cvelistv5 – Published: 2007-11-13 22:00 – Updated: 2024-08-07 15:47
Summary
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before dviljk processes them; those files can then be read or modified in place.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://bugs.gentoo.org/attachment.cgi?id=135423 x_refsource_MISC
https://issues.rpath.com/browse/RPL-1928 x_refsource_CONFIRM
http://secunia.com/advisories/27672 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27743 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/28412 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27686 third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/554-1/ vendor-advisory, x_refsource_UBUNTU
http://osvdb.org/42238 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/26469 vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200805-13.xml vendor-advisory, x_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200711-26.xml vendor-advisory, x_refsource_GENTOO
http://bugs.gentoo.org/show_bug.cgi?id=198238 x_refsource_CONFIRM
http://secunia.com/advisories/30168 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3896 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27718 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=368611 x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200711-34.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/27967 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html vendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266 x_refsource_CONFIRM
http://www.securitytracker.com/id?1019058 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/28107 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/487984/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html vendor-advisory, x_refsource_SUSE
Date Public
2007-11-06 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1928"
          },
          {
            "name": "27672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27672"
          },
          {
            "name": "27743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27743"
          },
          {
            "name": "SUSE-SR:2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
          },
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "27686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27686"
          },
          {
            "name": "USN-554-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/554-1/"
          },
          {
            "name": "42238",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42238"
          },
          {
            "name": "26469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26469"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "GLSA-200711-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "name": "ADV-2007-3896",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3896"
          },
          {
            "name": "27718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27718"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "name": "27967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27967"
          },
          {
            "name": "FEDORA-2007-3390",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
          },
          {
            "name": "1019058",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019058"
          },
          {
            "name": "28107",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28107"
          },
          {
            "name": "MDKSA-2007:230",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
          },
          {
            "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1928"
        },
        {
          "name": "27672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27672"
        },
        {
          "name": "27743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27743"
        },
        {
          "name": "SUSE-SR:2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
        },
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "name": "27686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27686"
        },
        {
          "name": "USN-554-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/554-1/"
        },
        {
          "name": "42238",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42238"
        },
        {
          "name": "26469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26469"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "GLSA-200711-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "name": "ADV-2007-3896",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3896"
        },
        {
          "name": "27718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27718"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "name": "27967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27967"
        },
        {
          "name": "FEDORA-2007-3390",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
        },
        {
          "name": "1019058",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019058"
        },
        {
          "name": "28107",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28107"
        },
        {
          "name": "MDKSA-2007:230",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
        },
        {
          "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/attachment.cgi?id=135423",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1928",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1928"
            },
            {
              "name": "27672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27672"
            },
            {
              "name": "27743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27743"
            },
            {
              "name": "SUSE-SR:2008:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "27686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27686"
            },
            {
              "name": "USN-554-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/554-1/"
            },
            {
              "name": "42238",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42238"
            },
            {
              "name": "26469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26469"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "GLSA-200711-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198238",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "ADV-2007-3896",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3896"
            },
            {
              "name": "27718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27718"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=368611",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "27967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27967"
            },
            {
              "name": "FEDORA-2007-3390",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
            },
            {
              "name": "1019058",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019058"
            },
            {
              "name": "28107",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28107"
            },
            {
              "name": "MDKSA-2007:230",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
            },
            {
              "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5936",
    "datePublished": "2007-11-13T22:00:00.000Z",
    "dateReserved": "2007-11-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:47:00.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5937 (GCVE-0-2007-5937)

Vulnerability from cvelistv5 – Published: 2007-11-13 22:00 – Updated: 2024-08-07 15:47
Summary
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
mitre
References
URL Tags
http://bugs.gentoo.org/attachment.cgi?id=135423 x_refsource_MISC
https://issues.rpath.com/browse/RPL-1928 x_refsource_CONFIRM
http://secunia.com/advisories/27672 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27743 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/28412 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27686 third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/554-1/ vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/26469 vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200805-13.xml vendor-advisory, x_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200711-26.xml vendor-advisory, x_refsource_GENTOO
http://bugs.gentoo.org/show_bug.cgi?id=198238 x_refsource_CONFIRM
http://secunia.com/advisories/30168 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3896 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27718 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-34.xml vendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=368641 x_refsource_CONFIRM
http://secunia.com/advisories/27967 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html vendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266 x_refsource_CONFIRM
http://www.securitytracker.com/id?1019058 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/28107 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/487984/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html vendor-advisory, x_refsource_SUSE
Date Public
2007-11-06 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1928"
          },
          {
            "name": "27672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27672"
          },
          {
            "name": "27743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27743"
          },
          {
            "name": "SUSE-SR:2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
          },
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "27686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27686"
          },
          {
            "name": "USN-554-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/554-1/"
          },
          {
            "name": "26469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26469"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "GLSA-200711-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "name": "ADV-2007-3896",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3896"
          },
          {
            "name": "27718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27718"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
          },
          {
            "name": "27967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27967"
          },
          {
            "name": "FEDORA-2007-3390",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
          },
          {
            "name": "1019058",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019058"
          },
          {
            "name": "28107",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28107"
          },
          {
            "name": "MDKSA-2007:230",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
          },
          {
            "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1928"
        },
        {
          "name": "27672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27672"
        },
        {
          "name": "27743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27743"
        },
        {
          "name": "SUSE-SR:2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
        },
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "name": "27686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27686"
        },
        {
          "name": "USN-554-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/554-1/"
        },
        {
          "name": "26469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26469"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "GLSA-200711-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "name": "ADV-2007-3896",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3896"
        },
        {
          "name": "27718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27718"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
        },
        {
          "name": "27967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27967"
        },
        {
          "name": "FEDORA-2007-3390",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
        },
        {
          "name": "1019058",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019058"
        },
        {
          "name": "28107",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28107"
        },
        {
          "name": "MDKSA-2007:230",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
        },
        {
          "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5937",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/attachment.cgi?id=135423",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1928",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1928"
            },
            {
              "name": "27672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27672"
            },
            {
              "name": "27743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27743"
            },
            {
              "name": "SUSE-SR:2008:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "27686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27686"
            },
            {
              "name": "USN-554-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/554-1/"
            },
            {
              "name": "26469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26469"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "GLSA-200711-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198238",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "ADV-2007-3896",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3896"
            },
            {
              "name": "27718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27718"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=368641",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
            },
            {
              "name": "27967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27967"
            },
            {
              "name": "FEDORA-2007-3390",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
            },
            {
              "name": "1019058",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019058"
            },
            {
              "name": "28107",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28107"
            },
            {
              "name": "MDKSA-2007:230",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
            },
            {
              "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5937",
    "datePublished": "2007-11-13T22:00:00.000Z",
    "dateReserved": "2007-11-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:47:00.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}