First published: Fri Mar 12 2010(Updated: )
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/tetex | <0:3.0-33.8.el5_5.5 | 0:3.0-33.8.el5_5.5 |
teTeX | ||
Tex Live |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2010-0739 has a moderate severity rating due to its potential to allow remote code execution through a crafted DVI file.
To fix CVE-2010-0739, update to the latest stable version of tetex or TeX Live that includes the necessary patches.
CVE-2010-0739 affects tetex in Red Hat and TeX Live and teTeX in other distributions.
CVE-2010-0739 is an integer overflow vulnerability that may lead to a heap-based buffer overflow.
CVE-2010-0739 requires user-assisted exploitation, meaning a user must open a malicious DVI file for the attack to occur.