CVE-2010-0827

2010-05-0718:24:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-0827

integer overflow

dvips

tex live

application crash

arbitrary code

remote attackers

denial of service

nvd

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.048 Low

EPSS

Percentile

92.7%

JSON

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.

CPENameOperatorVersion
tug:tex_livetug tex liveeq2007
tug:tex_livetug tex liveeq2008
tug:tex_livetug tex liveeq2004
tug:tex_livetug tex livele2009
tug:tex_livetug tex liveeq2002
tug:tex_livetug tex liveeq1996
tug:tex_livetug tex liveeq2001
tug:tex_livetug tex liveeq1999
tug:tex_livetug tex liveeq2005
tug:tex_livetug tex liveeq1998

CPE	Name	Operator	Version
tug:tex_live	tug tex live	eq	2007
tug:tex_live	tug tex live	eq	2008
tug:tex_live	tug tex live	eq	2004
tug:tex_live	tug tex live	le	2009
tug:tex_live	tug tex live	eq	2002
tug:tex_live	tug tex live	eq	1996
tug:tex_live	tug tex live	eq	2001
tug:tex_live	tug tex live	eq	1999
tug:tex_live	tug tex live	eq	2005
tug:tex_live	tug tex live	eq	1998