Vulnerability in Tug Tetex
CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
EPSS: 0.045 (89.4th percentile) — read the EPSS interpretation.
Affected products
- Tug Tetex
- Tug Tex_live — versions 1996, 2004, 2000
- N/a — versions n/a
Weakness classification (CWE)
References
- security@ubuntu.com (x_refsource_CONFIRM)
- 39971 (vdb-entry, x_refsource_BID)
- GLSA-201206-28 (vendor-advisory, x_refsource_GENTOO)
- SUSE-SR:2010:013 (vendor-advisory, x_refsource_SUSE)
- security@ubuntu.com (x_refsource_CONFIRM)
- SUSE-SR:2010:012 (vendor-advisory, x_refsource_SUSE)
- security@ubuntu.com (x_refsource_CONFIRM)
- oval:org.mitre.oval:def:10052 (x_refsource_OVAL, signature, vdb-entry)
- security@ubuntu.com (x_refsource_CONFIRM)
- USN-937-1 (x_refsource_UBUNTU, vendor-advisory)