CVE-2007-5935: Buffer Overflow
First published: Tue Nov 06 2007(Updated: )
Description of problem: DVI file that contains a hypertex reference with long title can trigger a stack based buffer overflow of a statically sized char array when dvips is called with -z argument. This could possibly result in arbitrary code execution in case user was tricked into open a specially crafted DVI file. Additional info: This issue affects the versions of the tetex package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue has no security impact on tetex package version, as shipped in Red Hat Enterprise Linux 5 due to _FORTIFY_SOURCE protection that terminates the process before the memory corruption occurs. This issue has no security impact on texlive package versions, as shipped with Fedora releases of 11 and 12, due to _FORTIFY_SOURCE protection that terminates the process before the memory corruption occurs. See URL field for the orginal bug report from Debian project.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/3.0 | <40.3. | 40.3. |
| teTeX | ||
| TeX Live |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081
- https://bugzilla.redhat.com/show_bug.cgi?id=368591
- http://bugs.gentoo.org/show_bug.cgi?id=198238
- http://security.gentoo.org/glsa/glsa-200711-26.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
- http://www.securityfocus.com/bid/26469
- http://www.securitytracker.com/id?1019058
- http://secunia.com/advisories/27672
- http://secunia.com/advisories/27686
- http://secunia.com/advisories/27743
- https://issues.rpath.com/browse/RPL-1928
- http://secunia.com/advisories/27967
- http://secunia.com/advisories/28107
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
- http://secunia.com/advisories/27718
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
- http://secunia.com/advisories/28412
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
- http://secunia.com/advisories/30168
- http://www.vupen.com/english/advisories/2007/3896
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
- https://usn.ubuntu.com/554-1/
- http://www.securityfocus.com/archive/1/487984/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=249461
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=249461&action=edit
- https://rhn.redhat.com/errata/RHSA-2010-0399.html
- https://rhn.redhat.com/errata/RHSA-2010-0401.html
Frequently Asked Questions
What is the severity of CVE-2007-5935?
CVE-2007-5935 has a high severity due to the potential for arbitrary code execution resulting from a stack-based buffer overflow.
How do I fix CVE-2007-5935?
To fix CVE-2007-5935, update to the patched versions of the affected software provided by your vendor.
Which software is affected by CVE-2007-5935?
CVE-2007-5935 affects teTeX and TeX Live 2007, specifically versions prior to 40.3.
Can CVE-2007-5935 be exploited remotely?
Yes, CVE-2007-5935 can potentially be exploited remotely if a user is tricked into processing a crafted DVI file.
What type of vulnerability is CVE-2007-5935?
CVE-2007-5935 is a stack-based buffer overflow vulnerability.
- collector/redhat-bugzilla
- alias/CVE-2007-5935
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- package-manager/redhat
- vendor/tetex
- canonical/tetex
- vendor/tug
- canonical/tex live