7 matches found
CVE-2011-5244
Multiple off-by-one errors in the 1 token and 2 linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a DVI file containi...
CVE-2011-0433
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics AFM...
CVE-2011-0433
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics AFM...
CVE-2010-0739
Integer overflow in the predospecial function in dospecial.c in dvips in 1 TeX Live and 2 teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party...
CVE-2010-0739
CVE-2010-0739 affects TeX Live and teTeX dvips parsing of DVI files. Root cause: integer/heap-based overflow in predospecial() of dospecial.c, triggered by a crafted DVI file, enabling user-assisted remote code execution. Connected advisories indicate TeX Live/teTeX components are vulnerable; pat...
CVE-2010-0739
Integer overflow in the predospecial function in dospecial.c in dvips in 1 TeX Live and 2 teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party...
PT-2010-2483 · Thomas Esser +2 · Tetex +2
Name of the Vulnerable Software and Affected Versions: TeX Live affected versions not specified teTeX affected versions not specified Description: The issue is related to an integer overflow in the predospecial function, which might allow attackers to execute arbitrary code via a crafted DVI file...