Lucene search

K
ubuntuUbuntuUSN-936-1
HistoryMay 06, 2010 - 12:00 a.m.

dvipng vulnerability

2010-05-0600:00:00
ubuntu.com
46

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

10

Confidence

High

EPSS

0.036

Percentile

91.6%

Releases

  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 9.04

Packages

  • dvipng -

Details

Dan Rosenberg discovered that dvipng incorrectly handled certain malformed
dvi files. If a user or automated system were tricked into processing a
specially crafted dvi file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchdvipng< 1.11-1ubuntu0.9.10.1UNKNOWN
Ubuntu9.04noarchdvipng< 1.11-1ubuntu0.9.04.1UNKNOWN
Ubuntu10.04noarchdvipng< 1.12-3ubuntu0.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

10

Confidence

High

EPSS

0.036

Percentile

91.6%