Vigil@nce - teTeX: several vulnerabilities of dvips and dvipng

May 2010 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can create a malicious DVI file and invite the victim
to open it with teTeX tools, in order to cause a denial of
service and possibly to execute code.

Severity: 2/4

Creation date: 07/05/2010

DESCRIPTION OF THE VULNERABILITY

The teTeX suite contains tools to handle documents in the TeX DVI
format. The dvips command converts a DVI document to PostScript.
The dvipng command converts a DVI document to a PNG image. Several
vulnerabilities impact these tools.

The predospecial() function of the texk/dvipsk/dospecial.c file
does not check for integer overflows, which leads to memory
corruption. [severity:2/4; 572941, CVE-2010-0739]

The virtualfont.c file does not check the font name size, which
leads to a buffer overflow. [severity:2/4; 572914, BID-39971,
CVE-2010-0827]

Several integer overflows in the dvipng command lead to memory
corruption. [severity:2/4; 573999, CVE-2010-0829]

The predospecial() and bbdospecial() functions of the
texk/dvipsk/dospecial.c file do not check for integer overflows,
which leads to memory corruption. [severity:2/4; 586819, BID-39966,
CVE-2010-1440]

An attacker can therefore create a malicious DVI file and invite
the victim to open it with teTeX tools, in order to cause a
denial of service and possibly to execute code.
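
The two bug classes listed above (an unchecked font name size and unchecked integer arithmetic on file-supplied values) can be illustrated with the checks a parser needs; this is an added example, not teTeX code and not the vendor fix. It reads the a[1] l[1] n[a+l] tail of a DVI/VF font definition; FONT_NAME_BUF, read_font_name and checked_mul are hypothetical names, and the buffer size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FONT_NAME_BUF 64 /* assumed destination size, not taken from teTeX */

/* Copy the name from the tail of a DVI/VF font definition, laid out as
 * a[1] l[1] n[a+l] (area length, name length, then the bytes).
 * Returns 0 on success, -1 if the record is truncated or the name plus
 * its terminating NUL would not fit in dst. */
int read_font_name(const uint8_t *rec, size_t rec_len,
                   char *dst, size_t dst_size)
{
    if (rec_len < 2 || dst_size == 0)
        return -1;
    size_t n = (size_t)rec[0] + rec[1]; /* at most 510, cannot wrap */
    if (n > rec_len - 2)   /* lengths claim more bytes than the input has */
        return -1;
    if (n >= dst_size)     /* the check whose absence overflows the buffer */
        return -1;
    memcpy(dst, rec + 2, n);
    dst[n] = '\0';
    return 0;
}

/* Overflow-checked count * size for sizes built from file-supplied fields. */
int checked_mul(size_t count, size_t size, size_t *out)
{
    if (size != 0 && count > SIZE_MAX / size)
        return -1;         /* product would wrap around */
    *out = count * size;
    return 0;
}

int main(void)
{
    /* Constructed sample records, not taken from a real DVI file. */
    const uint8_t good[] = {0, 5, 'c', 'm', 'r', '1', '0'};
    const uint8_t lying[] = {0, 200, 'c', 'm'}; /* claims 200 bytes, has 2 */
    char name[FONT_NAME_BUF];
    size_t bytes;

    if (read_font_name(good, sizeof good, name, sizeof name) == 0)
        printf("accepted: %s\n", name);
    if (read_font_name(lying, sizeof lying, name, sizeof name) != 0)
        printf("rejected: truncated record\n");
    if (checked_mul(SIZE_MAX, 2, &bytes) != 0)
        printf("rejected: size overflow\n");
    return 0;
}
```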

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/teTeX-several-vulnerabilities-of-dvips-and-dvipng-9632

