Lucene search

K
osvGoogleOSV:DSA-2048-1
HistoryMay 22, 2010 - 12:00 a.m.

dvipng - arbitrary code execution

2010-05-2200:00:00
Google
osv.dev
12

EPSS

0.036

Percentile

91.6%

Dan Rosenberg discovered that in dvipng, a utility that converts DVI
files to PNG graphics, several array index errors allow context-dependent
attackers, via a specially crafted DVI file, to cause a denial of
service (crash of the application), and possibly arbitrary code
execution.

For the stable distribution (lenny), this problem has been fixed in
version dvipng_1.11-1+lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 1.13-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.13-1.

We recommend that you upgrade your dvipng package.