CVE-2010-0827

NONE EPSS 90.2%
Published May 7, 2010 16y ago
Last Modified Jun 16, 2026 2w ago

Description

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.

Threat Intelligence

EPSS Exploit Probability
90.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 13

Vendor  Product   Version  Range
tug     tex_live  *        ≤2009
tug     tex_live  1996     any
tug     tex_live  1998     any
tug     tex_live  1999     any
tug     tex_live  2000     any
tug     tex_live  2001     any
tug     tex_live  2002     any
tug     tex_live  2003     any
tug     tex_live  2004     any
tug     tex_live  2005     any
tug     tex_live  2007     any
tug     tex_live  2008     any
tug     tetex     *        any

References 10

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
  • security-tracker.debian.org http://security-tracker.debian.org/tracker/CVE-2010-0827
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-201206-28.xml
  • securityfocus.com http://www.securityfocus.com/bid/39971
  • tug.org http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095
  • tug.org http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log
  • ubuntu.com http://www.ubuntu.com/usn/USN-937-1
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=572914
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.