Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)
Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program. (CVE-2007-5937)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.10 | noarch | texlive-extra-utils | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libkpathsea-dev | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libkpathsea4 | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-base-bin | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-font-utils | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-lang-indic | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-metapost | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-music | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-omega | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-xetex | < 2007-12ubuntu3.1 | UNKNOWN |