[tetex] Multiple vulnerabilities possibly allowing to execute arbitrary code or overwrite arbitrary files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tetex-bin (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
Binary package hint: tetex-bin
References:
http://
"Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the "dvips" application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).
[...]
A remote attacker could entice a user to process a specially crafted DVI or PDF file which could lead to the execution of arbitrary code with the privileges of the user running the application. A local attacker could exploit the "dvilj" vulnerability to conduct a symlink attack to overwrite arbitrary files."
Since according to packages.ubuntu.com some parts of tetex are part of Ubuntu's main component, I shamelessly copied over Gentoo's GLSA.
Changed in tetex-bin: | |
assignee: | nobody → jamie-strandboge |
status: | New → Triaged |
Adding CVE references mentioned in MDKSA-2007:230 www.mandriva. com/en/ security/ advisories? name=MDKSA- 2007:230).
(http://