CVE-2010-0739

Publication date 16 April 2010

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
texlive-bin	10.04 LTS lucid	Fixed 2009-5ubuntu0.1
	9.10 karmic	Fixed 2007.dfsg.2-7ubuntu1.1
	9.04 jaunty	Fixed 2007.dfsg.2-4ubuntu2.1
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Fixed 2007.dfsg.1-2ubuntu0.1
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
texlive-bin	Vendor: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch

CVE-2010-0739

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references