CVE-2007-5935

Summary

CVE	CVE-2007-5935
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-11-13 22:46:00 UTC
Updated	2018-10-15 21:47:00 UTC
Description	Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Tetex	Tetex	All	All	All	All
Application	Tetex	Tetex	All	All	All	All
Application	Tug	Texlive 2007	All	All	All	All
Application	Tug	Texlive 2007	All	All	All	All

References

Reference	Source	Link	Tags
[security-announce] SUSE Security Summary Report SUSE-SR:200?8:011	SUSE	lists.opensuse.org
[security-announce] SUSE Security Summary Report SUSE-SR:2008:001	SUSE	lists.opensuse.org
USN-554-1: teTeX and TeX Live vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
#447081 - dvips -z segfault with really long url on \href - Debian Bug report logs	CONFIRM	bugs.debian.org	Exploit
Ubuntu update for tetex-bin and texlive-bin - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Support / Security / Advisories / / MDKSA-2007:230 \| Mandriva	MANDRIVA	www.mandriva.com
PTeX: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	security.gentoo.org
Gentoo Linux Documentation -- CSTeX: Multiple vulnerabilities	GENTOO	security.gentoo.org
Gentoo update for ptex - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
[SECURITY] Fedora 7 Update: tetex-3.0-40.3.fc7	FEDORA	www.redhat.com
SUSE Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail - OVH	VUPEN	www.vupen.com
Fedora update for tetex - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Repository / Oval Repository	OVAL	oval.cisecurity.org
rPath update for tetex - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Gentoo Linux Documentation -- teTeX: Multiple vulnerabilities	GENTOO	security.gentoo.org
Gentoo update for tetex - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Advisories:rPSA-2007-0266 - rPath Wiki	CONFIRM	wiki.rpath.com
Mandriva update for tetex - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Bug 368591 – CVE-2007-5935 dvips -z buffer overflow with long href	MISC	bugzilla.redhat.com
teTeX Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
teTeX Buffer Overflows Let Remote Users Execute Arbitrary Code and Unsafe Temporary Files Let Local Users Overwrite Files - SecurityTracker	SECTRACK	www.securitytracker.com
teTeX DVI File Parsing Multiple Vulnerabilities	BID	www.securityfocus.com
Gentoo Bug 198238 - app-text/tetex < 3.0_p1-r6 Multiple issues in dviljk and dvips (CVE-2007-{5935,5936,5937})	CONFIRM	bugs.gentoo.org
issues.rpath.com/browse/RPL-1928	CONFIRM	issues.rpath.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2010-05-07	Mark J Cox	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5935 This issue has been addressed in RHSA-2010:0399 and RHSA-2010:0401.

There are currently no legacy QID mappings associated with this CVE.