CVE-2010-1440

2010-05-0718:24:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2010-1440

integer overflow

dvips

tex live

denial of service

remote attackers

arbitrary code

nvd

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON

Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.

CPENameOperatorVersion
tug:tex_livetug tex liveeq2007
tug:tetextug tetexeq*
tug:tex_livetug tex liveeq2008
tug:tex_livetug tex liveeq2004
tug:tex_livetug tex livele2009
tug:tex_livetug tex liveeq2002
tug:tex_livetug tex liveeq1996
tug:tex_livetug tex liveeq2001
tug:tex_livetug tex liveeq1999
tug:tex_livetug tex liveeq2005

CPE	Name	Operator	Version
tug:tex_live	tug tex live	eq	2007
tug:tetex	tug tetex	eq	*
tug:tex_live	tug tex live	eq	2008
tug:tex_live	tug tex live	eq	2004
tug:tex_live	tug tex live	le	2009
tug:tex_live	tug tex live	eq	2002
tug:tex_live	tug tex live	eq	1996
tug:tex_live	tug tex live	eq	2001
tug:tex_live	tug tex live	eq	1999
tug:tex_live	tug tex live	eq	2005