Информационная безопасность
[RU] switch to English


Повреждение памяти в dvipng / TeX Live
Опубликовано:11 мая 2010 г.
Источник:
SecurityVulns ID:10824
Тип:локальная
Уровень опасности:
4/10
Описание:Повреждение памяти при разборе файлов DVI.
Затронутые продукты:DVIPNG : dvipng 1.12
CVE:CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.)
 CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.)
 CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.)
 CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
Оригинальный текстdocumentUBUNTU, [USN-937-1] TeX Live vulnerabilities (11.05.2010)
 documentUBUNTU, [USN-936-1] dvipng vulnerability (11.05.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород