Veracode Vulnerability DatabaseVERACODE:24045Arbitrary Code Execution
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
tetex is vulnerable to arbitrary code execution. The vulnerability exists through multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tetex | eq | 3.0__33.2.el5_1.2 | |
| tetex | eq | 3.0__33.1.el5 | |
| tetex | eq | 3.0__33.2.el5_1.2 | |
| tetex | eq | 3.0__33.1.el5 |
References
git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html
lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
secunia.com/advisories/39390
security.gentoo.org/glsa/glsa-201206-28.xml
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/bid/39500
www.ubuntu.com/usn/USN-937-1
access.redhat.com/errata/RHSA-2010:0399
access.redhat.com/errata/RHSA-2010:0400
access.redhat.com/errata/RHSA-2010:0401
access.redhat.com/security/cve/CVE-2010-0739
bugzilla.redhat.com/show_bug.cgi?id=572941
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P