CVE-2010-0739
Published: 16 April 2010
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Priority
Status
Package | Release | Status |
---|---|---|
texlive-bin Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2007.dfsg.1-2ubuntu0.1)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Released
(2007.dfsg.2-4ubuntu2.1)
|
|
karmic |
Released
(2007.dfsg.2-7ubuntu1.1)
|
|
lucid |
Released
(2009-5ubuntu0.1)
|
|
upstream |
Needed
|
|
Patches: vendor: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch |