6.5 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.9%
Bastien Roucaries discovered that dvips as included in tetex-bin
and texlive-bin did not properly perform bounds checking. If a
user or automated system were tricked into processing a specially
crafted dvi file, dvips could be made to crash and execute code as
the user invoking the program. (CVE-2007-5935)
Joachim Schrod discovered that the dviljk utilities created
temporary files in an insecure way. Local users could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program. (CVE-2007-5936)
Joachim Schrod discovered that the dviljk utilities did not
perform bounds checking in many instances. If a user or automated
system were tricked into processing a specially crafted dvi file,
the dviljk utilities could be made to crash and execute code as
the user invoking the program. (CVE-2007-5937)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.10 | noarch | texlive-extra-utils | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libkpathsea-dev | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | libkpathsea4 | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-base-bin | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-font-utils | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-lang-indic | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-metapost | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-music | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-omega | < 2007-12ubuntu3.1 | UNKNOWN |
Ubuntu | 7.10 | noarch | texlive-xetex | < 2007-12ubuntu3.1 | UNKNOWN |