Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tetex | Tug | * | * |
Tex_live | Tug | * | 2009 (including) |
Tex_live | Tug | 1996 (including) | 1996 (including) |
Tex_live | Tug | 1998 (including) | 1998 (including) |
Tex_live | Tug | 1999 (including) | 1999 (including) |
Tex_live | Tug | 2000 (including) | 2000 (including) |
Tex_live | Tug | 2001 (including) | 2001 (including) |
Tex_live | Tug | 2002 (including) | 2002 (including) |
Tex_live | Tug | 2003 (including) | 2003 (including) |
Tex_live | Tug | 2004 (including) | 2004 (including) |
Tex_live | Tug | 2005 (including) | 2005 (including) |
Tex_live | Tug | 2007 (including) | 2007 (including) |
Tex_live | Tug | 2008 (including) | 2008 (including) |