CVE-2010-0739

NONE EPSS 91.1%
Published Apr 16, 2010 (16y ago) · Modified Jun 16, 2026 (2w ago)

Description

Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Threat Intelligence

EPSS Exploit Probability
91.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 2

Vendor   Product    Version   Range
tug      tetex      *         any
tug      tex_live   *         any

References 10

  • git.frugalware.org http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
  • secunia.com http://secunia.com/advisories/39390
    Vendor Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-201206-28.xml
  • securityfocus.com http://www.securityfocus.com/bid/39500
  • ubuntu.com http://www.ubuntu.com/usn/USN-937-1
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=572941
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.