Vulnerabilities > CVE-2010-0827 - Numeric Errors vulnerability in TUG Tetex and TEX Live

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
tug
CWE-189
nessus

Summary

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-094.NASL
    descriptionMultiple vulnerabilities has been discovered and fixed in tetex : Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file (CVE-2009-1284). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file (CVE-2010-0827). Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file (CVE-2010-0829). Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third-party information (CVE-2010-0739). Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739 (CVE-2010-1440). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages solves these problems.
    last seen2020-06-01
    modified2020-06-02
    plugin id46330
    published2010-05-13
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46330
    titleMandriva Linux Security Advisory : tetex (MDVSA-2010:094)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:094. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(46330);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      script_cve_id(
        "CVE-2009-1284",
        "CVE-2009-3608",
        "CVE-2010-0739",
        "CVE-2010-0827",
        "CVE-2010-0829",
        "CVE-2010-1440"
      );
      script_bugtraq_id(
        34332,
        36703,
        39500,
        39966,
        39969
      );
      script_xref(name:"MDVSA", value:"2010:094");
    
      script_name(english:"Mandriva Linux Security Advisory : tetex (MDVSA-2010:094)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and fixed in tetex :
    
    Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
    cause a denial of service (memory corruption and crash) via a long
    .bib bibliography file (CVE-2009-1284).
    
    Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
    in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf,
    kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote
    attackers to execute arbitrary code via a crafted PDF document that
    triggers a heap-based buffer overflow (CVE-2009-3608).
    
    Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX,
    allows remote attackers to cause a denial of service (application
    crash) or possibly execute arbitrary code via a crafted virtual font
    (VF) file associated with a DVI file (CVE-2010-0827).
    
    Multiple array index errors in set.c in dvipng 1.11 and 1.12, and
    teTeX, allow remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code via a malformed
    DVI file (CVE-2010-0829).
    
    Integer overflow in the predospecial function in dospecial.c in dvips
    in (1) TeX Live and (2) teTeX might allow user-assisted remote
    attackers to execute arbitrary code via a crafted DVI file that
    triggers a heap-based buffer overflow. NOTE: some of these details are
    obtained from third-party information (CVE-2010-0739).
    
    Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live
    2009 and earlier, and teTeX, allow remote attackers to cause a denial
    of service (application crash) or possibly execute arbitrary code via
    a special command in a DVI file, related to the (1) predospecial and
    (2) bbdospecial functions, a different vulnerability than
    CVE-2010-0739 (CVE-2010-1440).
    
    Packages for 2008.0 and 2009.0 are provided due to the Extended
    Maintenance Program for those products.
    
    The corrected packages solves these problems."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:jadetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-context");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvilj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvipdfm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-mfwin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-texi2html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-usrlocal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-xdvi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xmltex");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/05/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2008.0", reference:"jadetex-3.12-136.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-afm-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-context-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-devel-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-doc-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-dvilj-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-dvipdfm-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-dvips-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-latex-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-mfwin-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-texi2html-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-usrlocal-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tetex-xdvi-3.0-38.2mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"xmltex-1.9-84.2mdv2008.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.0", reference:"jadetex-3.12-145.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-afm-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-context-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-devel-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-doc-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-dvilj-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-dvipdfm-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-dvips-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-latex-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-mfwin-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-texi2html-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-usrlocal-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tetex-xdvi-3.0-47.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"xmltex-1.9-93.1mdv2009.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.1", reference:"jadetex-3.12-146.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-afm-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-context-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-devel-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-doc-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-dvilj-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-dvipdfm-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-dvips-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-latex-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-mfwin-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-texi2html-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-usrlocal-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"tetex-xdvi-3.0-48.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"xmltex-1.9-94.1mdv2009.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2010.0", reference:"jadetex-3.12-147.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-afm-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-context-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-devel-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-doc-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-dvilj-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-dvipdfm-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-dvips-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-latex-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-mfwin-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-texi2html-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-usrlocal-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"tetex-xdvi-3.0-49.1mdv2010.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2010.0", reference:"xmltex-1.9-95.1mdv2010.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0399.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46308
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46308
    titleRHEL 4 : tetex (RHSA-2010:0399)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0399. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(46308);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      script_cve_id("CVE-2007-5935", "CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195", "CVE-2009-0791", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183", "CVE-2009-3609", "CVE-2010-0739", "CVE-2010-0827", "CVE-2010-1440");
      script_bugtraq_id(26469, 34568, 34791, 35195, 36703, 39500, 39966);
      script_xref(name:"RHSA", value:"2010:0399");
    
      script_name(english:"RHEL 4 : tetex (RHSA-2010:0399)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated tetex packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    teTeX is an implementation of TeX. TeX takes a text file and a set of
    formatting commands as input, and creates a typesetter-independent
    DeVice Independent (DVI) file as output.
    
    A buffer overflow flaw was found in the way teTeX processed virtual
    font files when converting DVI files into PostScript. An attacker
    could create a malicious DVI file that would cause the dvips
    executable to crash or, potentially, execute arbitrary code.
    (CVE-2010-0827)
    
    Multiple integer overflow flaws were found in the way teTeX processed
    special commands when converting DVI files into PostScript. An
    attacker could create a malicious DVI file that would cause the dvips
    executable to crash or, potentially, execute arbitrary code.
    (CVE-2010-0739, CVE-2010-1440)
    
    A stack-based buffer overflow flaw was found in the way teTeX
    processed DVI files containing HyperTeX references with long titles,
    when converting them into PostScript. An attacker could create a
    malicious DVI file that would cause the dvips executable to crash.
    (CVE-2007-5935)
    
    teTeX embeds a copy of Xpdf, an open source Portable Document Format
    (PDF) file viewer, to allow adding images in PDF format to the
    generated PDF documents. The following issues affect Xpdf code :
    
    Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If
    a local user generated a PDF file from a TeX document, referencing a
    specially crafted PDF file, it would cause Xpdf to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running pdflatex. (CVE-2009-0147, CVE-2009-1179)
    
    Multiple integer overflow flaws were found in Xpdf. If a local user
    generated a PDF file from a TeX document, referencing a specially
    crafted PDF file, it would cause Xpdf to crash or, potentially,
    execute arbitrary code with the privileges of the user running
    pdflatex. (CVE-2009-0791, CVE-2009-3609)
    
    A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder.
    If a local user generated a PDF file from a TeX document, referencing
    a specially crafted PDF file, it would cause Xpdf to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running pdflatex. (CVE-2009-0195)
    
    Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If
    a local user generated a PDF file from a TeX document, referencing a
    specially crafted PDF file, it would cause Xpdf to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running pdflatex. (CVE-2009-0146, CVE-2009-1182)
    
    Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to
    the freeing of arbitrary memory. If a local user generated a PDF file
    from a TeX document, referencing a specially crafted PDF file, it
    would cause Xpdf to crash or, potentially, execute arbitrary code with
    the privileges of the user running pdflatex. (CVE-2009-0166,
    CVE-2009-1180)
    
    Multiple input validation flaws were found in Xpdf's JBIG2 decoder. If
    a local user generated a PDF file from a TeX document, referencing a
    specially crafted PDF file, it would cause Xpdf to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running pdflatex. (CVE-2009-0800)
    
    Multiple denial of service flaws were found in Xpdf's JBIG2 decoder.
    If a local user generated a PDF file from a TeX document, referencing
    a specially crafted PDF file, it would cause Xpdf to crash.
    (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
    
    Red Hat would like to thank Braden Thomas and Drew Yao of the Apple
    Product Security team, Will Dormann of the CERT/CC, and Alin Rad Pop
    of Secunia Research, for responsibly reporting the Xpdf flaws.
    
    All users of tetex are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0146"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0147"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-1440"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0399"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-xdvi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/05/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0399";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"tetex-2.0.2-22.0.1.EL4.16")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tetex-afm-2.0.2-22.0.1.EL4.16")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tetex-doc-2.0.2-22.0.1.EL4.16")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tetex-dvips-2.0.2-22.0.1.EL4.16")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tetex-fonts-2.0.2-22.0.1.EL4.16")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tetex-latex-2.0.2-22.0.1.EL4.16")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tetex-xdvi-2.0.2-22.0.1.EL4.16")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-doc / tetex-dvips / tetex-fonts / etc");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-937-1.NASL
    descriptionIt was discovered that TeX Live incorrectly handled certain long .bib bibliography files. If a user or automated system were tricked into processing a specially crafted bib file, an attacker could cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284) Marc Schoenefeld, Karel Srot and Ludwig Nussel discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0739, CVE-2010-1440) Dan Rosenberg discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0827). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id46254
    published2010-05-07
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46254
    titleUbuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : texlive-bin vulnerabilities (USN-937-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_TEXLIVE-100504.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).
    last seen2020-06-01
    modified2020-06-02
    plugin id46344
    published2010-05-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46344
    titleopenSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_TEXLIVE-100504.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 / CVE-2010-1440). This has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id50963
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50963
    titleSuSE 11 Security Update : TeX (SAT Patch Number 2393)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_TEXLIVE-100503.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).
    last seen2020-06-01
    modified2020-06-02
    plugin id46340
    published2010-05-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46340
    titleopenSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0399.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46257
    published2010-05-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46257
    titleCentOS 4 : tetex (CESA-2010:0399)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TE_AMS-7020.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 / CVE-2010-1440). This has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id51761
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51761
    titleSuSE 10 Security Update : TeX (ZYPP Patch Number 7020)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0399.NASL
    descriptionFrom Red Hat Security Advisory 2010:0399 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id68038
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68038
    titleOracle Linux 4 : tetex (ELSA-2010-0399)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0401.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id46258
    published2010-05-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46258
    titleCentOS 3 : tetex (CESA-2010:0401)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL3_X.NASL
    descriptionA buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609)
    last seen2020-06-01
    modified2020-06-02
    plugin id60789
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60789
    titleScientific Linux Security Update : tetex on SL3.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0401.NASL
    descriptionFrom Red Hat Security Advisory 2010:0401 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68040
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68040
    titleOracle Linux 3 : tetex (ELSA-2010-0401)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_TEXLIVE-100503.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).
    last seen2020-06-01
    modified2020-06-02
    plugin id46342
    published2010-05-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46342
    titleopenSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL4_X.NASL
    descriptionA buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id60790
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60790
    titleScientific Linux Security Update : tetex on SL4.x i386/x86_64
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-28.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-28 (TeX Live: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. Impact : These vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a specially crafted DVI file, or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59701
    published2012-06-26
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59701
    titleGLSA-201206-28 : TeX Live: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0401.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0827) Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) A stack-based buffer overflow flaw was found in the way teTeX processed DVI files containing HyperTeX references with long titles, when converting them into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash. (CVE-2007-5935) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf. If a local user generated a PDF file from a TeX document, referencing a specially crafted PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2009-0791, CVE-2009-3609) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id46310
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46310
    titleRHEL 3 : tetex (RHSA-2010:0401)

Oval

accepted2013-04-29T04:00:56.241-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionInteger overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
familyunix
idoval:org.mitre.oval:def:10052
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
version26

Redhat

rpms
  • tetex-0:2.0.2-22.0.1.EL4.16
  • tetex-afm-0:2.0.2-22.0.1.EL4.16
  • tetex-debuginfo-0:2.0.2-22.0.1.EL4.16
  • tetex-doc-0:2.0.2-22.0.1.EL4.16
  • tetex-dvips-0:2.0.2-22.0.1.EL4.16
  • tetex-fonts-0:2.0.2-22.0.1.EL4.16
  • tetex-latex-0:2.0.2-22.0.1.EL4.16
  • tetex-xdvi-0:2.0.2-22.0.1.EL4.16
  • tetex-0:1.0.7-67.19
  • tetex-afm-0:1.0.7-67.19
  • tetex-debuginfo-0:1.0.7-67.19
  • tetex-dvips-0:1.0.7-67.19
  • tetex-fonts-0:1.0.7-67.19
  • tetex-latex-0:1.0.7-67.19
  • tetex-xdvi-0:1.0.7-67.19