Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tex_live | Tug | * | 2009 (including) |
Tex_live | Tug | 1996 (including) | 1996 (including) |
Tex_live | Tug | 1998 (including) | 1998 (including) |
Tex_live | Tug | 1999 (including) | 1999 (including) |
Tex_live | Tug | 2000 (including) | 2000 (including) |
Tex_live | Tug | 2001 (including) | 2001 (including) |
Tex_live | Tug | 2002 (including) | 2002 (including) |
Tex_live | Tug | 2003 (including) | 2003 (including) |
Tex_live | Tug | 2004 (including) | 2004 (including) |
Tex_live | Tug | 2005 (including) | 2005 (including) |
Tex_live | Tug | 2007 (including) | 2007 (including) |
Tex_live | Tug | 2008 (including) | 2008 (including) |