Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19596
HistoryMay 12, 2010 - 12:00 a.m.

Tex Live dvipng工具数组索引漏洞

2010-05-1200:00:00
Root
www.seebug.org
19

0.036 Low

EPSS

Percentile

90.6%

JSON

BUGTRAQ ID: 39969
CVE(CAN) ID: CVE-2010-0829

dvipng是TeX Live所使用的从DVI文件生成PNG或GIF图形的工具。

dvipng工具中存在多个数组索引错误。在texlive-bin-2007.dfsg.2/build/source/texk/dvipng /draw.c文件中,SetChar()函数使用了受dvi文件的创建者控制的索引并将其索引到了数组中。如果越过了数组的边界,攻击者就可以设置指向任意值的指针,导致执行任意代码。

texlive-bin-2007.dfsg.2/build/source/texk/dvipng/vf.c文件中的SetVF()函数和set.c 文件中的SetGlyph()函数也存在类似的问题。

Jan-Ake Larsson dvipng 1.12
Jan-Ake Larsson dvipng 1.11
厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2010:0400-01)以及相应补丁:
RHSA-2010:0400-01:Moderate: tetex security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0400.html

Ubuntu

Ubuntu已经为此发布了一个安全公告(USN-936-1)以及相应补丁:
USN-936-1:dvipng vulnerability
链接:http://www.ubuntu.com/usn/USN-936-1

Related

openvas 26
cvelist 1
ubuntu 1
prion 1
securityvulns 2
debian 1
veracode 1
nessus 16
osv 1
cve 1
debiancve 1
fedora 6
ubuntucve 1
redhat 1
centos 1
oraclelinux 1
gentoo 1
openvas
openvas
Ubuntu Update for dvipng vulnerability USN-936-1
2010-05-07 00:00:00
Debian: Security Advisory (DSA-2048-1)
2010-06-03 00:00:00
Debian Security Advisory DSA 2048-1 (dvipng)
2010-06-03 00:00:00
cvelist
cvelist
CVE-2010-0829
2010-05-07 17:43:00
ubuntu
ubuntu
dvipng vulnerability
2010-05-06 00:00:00
prion
prion
Code injection
2010-05-07 18:24:00
securityvulns
securityvulns
[USN-936-1] dvipng vulnerability
2010-05-11 00:00:00
dvipng / TeX Live memory corruption
2010-05-11 00:00:00
debian
debian
[SECURITY] [DSA 2048-1] New dvipng packages fix arbitrary code execution
2010-05-23 17:46:36
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:44:56
nessus
nessus
Debian DSA-2048-1 : dvipng - buffer overflow
2010-05-25 00:00:00
Fedora 11 : dvipng-1.13-1.fc11 (2010-8279)
2010-07-01 00:00:00
Fedora 13 : dvipng-1.13-1.fc13 (2010-8335)
2010-07-01 00:00:00
osv
osv
dvipng - arbitrary code execution
2010-05-22 00:00:00
cve
cve
CVE-2010-0829
2010-05-07 18:24:00
debiancve
debiancve
CVE-2010-0829
2010-05-07 18:24:00
fedora
fedora
[SECURITY] Fedora 12 Update: dvipng-1.13-1.fc12
2010-05-18 21:54:05
[SECURITY] Fedora 11 Update: dvipng-1.13-1.fc11
2010-05-18 21:57:22
[SECURITY] Fedora 13 Update: dvipng-1.13-1.fc13
2010-05-18 21:58:14
ubuntucve
ubuntucve
CVE-2010-0829
2010-04-20 00:00:00
redhat
redhat
(RHSA-2010:0400) Moderate: tetex security update
2010-05-06 00:00:00
centos
centos
tetex security update
2010-05-28 10:47:02
oraclelinux
oraclelinux
tetex security update
2010-05-06 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00

0.036 Low

EPSS

Percentile

90.6%

JSON
Related for SSV:19596
openvas26cvelist1ubuntu1prion1securityvulns2debian1veracode1nessus16osv1cve1debiancve1fedora6ubuntucve1redhat1centos1oraclelinux1gentoo1