Vulnerabilities > CVE-2010-0829 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
jan-ake-larsson
tug
CWE-119
nessus
NVD
Published: 2010-05-07
Updated: 2017-09-19

Summary

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.

Vulnerable Configurations

Part Description Count
Application
Jan-Ake_Larsson
2
Application
Tug
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2048.NASL
    descriptionDan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service (crash of the application), and possibly arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id46707
    published2010-05-25
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46707
    titleDebian DSA-2048-1 : dvipng - buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2048. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(46707);
  script_version("1.8");
  script_cvs_date("Date: 2019/08/02 13:32:22");

  script_cve_id("CVE-2010-0829");
  script_bugtraq_id(39969);
  script_xref(name:"DSA", value:"2048");

  script_name(english:"Debian DSA-2048-1 : dvipng - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Dan Rosenberg discovered that in dvipng, a utility that converts DVI
files to PNG graphics, several array index errors allow
context-dependent attackers, via a specially crafted DVI file, to
cause a denial of service (crash of the application), and possibly
arbitrary code execution."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580628"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-2048"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the dvipng package.

For the stable distribution (lenny), this problem has been fixed in
version dvipng_1.11-1+lenny1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dvipng");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"dvipng", reference:"1.11-1+lenny1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100506_TETEX_ON_SL5_X.NASL
    descriptionMultiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id60791
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60791
    titleScientific Linux Security Update : tetex on SL5.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-094.NASL
    descriptionMultiple vulnerabilities has been discovered and fixed in tetex : Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file (CVE-2009-1284). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file (CVE-2010-0827). Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file (CVE-2010-0829). Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third-party information (CVE-2010-0739). Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739 (CVE-2010-1440). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages solves these problems.
    last seen2020-06-01
    modified2020-06-02
    plugin id46330
    published2010-05-13
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46330
    titleMandriva Linux Security Advisory : tetex (MDVSA-2010:094)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-936-1.NASL
    descriptionDan Rosenberg discovered that dvipng incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id46253
    published2010-05-07
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46253
    titleUbuntu 9.04 / 9.10 / 10.04 LTS : dvipng vulnerability (USN-936-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-8252.NASL
    descriptionUpgrades dvipng to version 1.13 which fixes CVE-2010-0829. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47480
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47480
    titleFedora 12 : dvipng-1.13-1.fc12 (2010-8252)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_TEXLIVE-100504.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).
    last seen2020-06-01
    modified2020-06-02
    plugin id46344
    published2010-05-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46344
    titleopenSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_TEXLIVE-100504.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 / CVE-2010-1440). This has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id50963
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50963
    titleSuSE 11 Security Update : TeX (SAT Patch Number 2393)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_TEXLIVE-100503.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).
    last seen2020-06-01
    modified2020-06-02
    plugin id46340
    published2010-05-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46340
    titleopenSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0400.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46760
    published2010-06-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46760
    titleCentOS 5 : tetex (CESA-2010:0400)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-8335.NASL
    descriptionUpgrades dvipng to version 1.13 which fixes CVE-2010-0829. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47486
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47486
    titleFedora 13 : dvipng-1.13-1.fc13 (2010-8335)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79961
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79961
    titleGLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0400.NASL
    descriptionFrom Red Hat Security Advisory 2010:0400 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id68039
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68039
    titleOracle Linux 5 : tetex (ELSA-2010-0400)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TE_AMS-7020.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827 / CVE-2010-0829 / CVE-2010-0739 / CVE-2010-1440). This has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id51761
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51761
    titleSuSE 10 Security Update : TeX (ZYPP Patch Number 7020)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_TEXLIVE-100503.NASL
    descriptionSpecially crafted dvi files could cause buffer overflows in dvips and dvipng (CVE-2010-0827, CVE-2010-0829, CVE-2010-0739, CVE-2010-1440).
    last seen2020-06-01
    modified2020-06-02
    plugin id46342
    published2010-05-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46342
    titleopenSUSE Security Update : texlive (openSUSE-SU-2010:0251-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-8279.NASL
    descriptionUpgrades dvipng to version 1.13 which fixes CVE-2010-0829. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47483
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47483
    titleFedora 11 : dvipng-1.13-1.fc11 (2010-8279)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0400.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. (CVE-2010-0739, CVE-2010-1440) Multiple array index errors were found in the way teTeX converted DVI files into the Portable Network Graphics (PNG) format. An attacker could create a malicious DVI file that would cause the dvipng executable to crash. (CVE-2010-0829) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : Multiple integer overflow flaws were found in Xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id46309
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46309
    titleRHEL 5 : tetex (RHSA-2010:0400)

Oval

accepted2013-04-29T04:21:34.641-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.
familyunix
idoval:org.mitre.oval:def:9718
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.
version18

Redhat

rpms
  • tetex-0:3.0-33.8.el5_5.5
  • tetex-afm-0:3.0-33.8.el5_5.5
  • tetex-debuginfo-0:3.0-33.8.el5_5.5
  • tetex-doc-0:3.0-33.8.el5_5.5
  • tetex-dvips-0:3.0-33.8.el5_5.5
  • tetex-fonts-0:3.0-33.8.el5_5.5
  • tetex-latex-0:3.0-33.8.el5_5.5
  • tetex-xdvi-0:3.0-33.8.el5_5.5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 39969 CVE(CAN) ID: CVE-2010-0829 dvipng是TeX Live所使用的从DVI文件生成PNG或GIF图形的工具。 dvipng工具中存在多个数组索引错误。在texlive-bin-2007.dfsg.2/build/source/texk/dvipng /draw.c文件中,SetChar()函数使用了受dvi文件的创建者控制的索引并将其索引到了数组中。如果越过了数组的边界,攻击者就可以设置指向任意值的指针,导致执行任意代码。 texlive-bin-2007.dfsg.2/build/source/texk/dvipng/vf.c文件中的SetVF()函数和set.c 文件中的SetGlyph()函数也存在类似的问题。 Jan-Ake Larsson dvipng 1.12 Jan-Ake Larsson dvipng 1.11 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2010:0400-01)以及相应补丁: RHSA-2010:0400-01:Moderate: tetex security update 链接:https://www.redhat.com/support/errata/RHSA-2010-0400.html Ubuntu ------ Ubuntu已经为此发布了一个安全公告(USN-936-1)以及相应补丁: USN-936-1:dvipng vulnerability 链接:http://www.ubuntu.com/usn/USN-936-1
idSSV:19596
last seen2017-11-19
modified2010-05-12
published2010-05-12
reporterRoot
titleTex Live dvipng工具数组索引漏洞

References