CVE-2007-5935: Buffer Overflow
First published: Tue Nov 06 2007(Updated: )
Description of problem: DVI file that contains a hypertex reference with long title can trigger a stack based buffer overflow of a statically sized char array when dvips is called with -z argument. This could possibly result in arbitrary code execution in case user was tricked into open a specially crafted DVI file. Additional info: This issue affects the versions of the tetex package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue has no security impact on tetex package version, as shipped in Red Hat Enterprise Linux 5 due to _FORTIFY_SOURCE protection that terminates the process before the memory corruption occurs. This issue has no security impact on texlive package versions, as shipped with Fedora releases of 11 and 12, due to _FORTIFY_SOURCE protection that terminates the process before the memory corruption occurs. See URL field for the orginal bug report from Debian project.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/3.0 | <40.3. | 40.3. |
| Tug Texlive 2007 | ||
| Tetex Tetex |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081
- https://bugzilla.redhat.com/show_bug.cgi?id=368591
- http://bugs.gentoo.org/show_bug.cgi?id=198238
- http://security.gentoo.org/glsa/glsa-200711-26.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
- http://www.securityfocus.com/bid/26469
- http://www.securitytracker.com/id?1019058
- http://secunia.com/advisories/27672
- http://secunia.com/advisories/27686
- http://secunia.com/advisories/27743
- https://issues.rpath.com/browse/RPL-1928
- http://secunia.com/advisories/27967
- http://secunia.com/advisories/28107
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
- http://secunia.com/advisories/27718
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
- http://secunia.com/advisories/28412
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
- http://secunia.com/advisories/30168
- http://www.vupen.com/english/advisories/2007/3896
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
- https://usn.ubuntu.com/554-1/
- http://www.securityfocus.com/archive/1/487984/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=249461
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=249461&action=edit
- https://rhn.redhat.com/errata/RHSA-2010-0399.html
- https://rhn.redhat.com/errata/RHSA-2010-0401.html
- collector/redhat-bugzilla
- alias/CVE-2007-5935
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- package-manager/redhat
- vendor/tug
- canonical/tug texlive 2007
- vendor/tetex
- canonical/tetex tetex