Buffer overflow in Jan-ake_larsson Dvipng

CVE-2010-0829

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.

Vulnerability class: Buffer Overflow

EPSS: 0.050 (89.9th percentile) — read the EPSS interpretation.

Affected products

Jan-ake_larsson Dvipng — versions 1.12, 1.11
Tug Tetex
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

39914 (x_refsource_SECUNIA, third-party-advisory)
ADV-2010-1219 (vdb-entry, x_refsource_VUPEN)
FEDORA-2010-8279 (x_refsource_FEDORA, vendor-advisory)
SUSE-SR:2010:013 (vendor-advisory, x_refsource_SUSE)
oval:org.mitre.oval:def:9718 (x_refsource_OVAL, signature, vdb-entry)
SUSE-SR:2010:012 (vendor-advisory, x_refsource_SUSE)
DSA-2048 (vendor-advisory, x_refsource_DEBIAN)
security@ubuntu.com (x_refsource_CONFIRM, Patch)
USN-936-1 (x_refsource_UBUNTU, vendor-advisory)