CVE-2007-5937
Summary
| CVE | CVE-2007-5937 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2007-11-13 22:46:00 UTC |
|---|
| Updated | 2018-10-15 21:47:00 UTC |
|---|
| Description | Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [security-announce] SUSE Security Summary Report SUSE-SR:200?8:011 |
SUSE |
lists.opensuse.org |
|
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:001 |
SUSE |
lists.opensuse.org |
|
| USN-554-1: teTeX and TeX Live vulnerabilities | Ubuntu security notices |
UBUNTU |
usn.ubuntu.com |
|
| Ubuntu update for tetex-bin and texlive-bin - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| Support / Security / Advisories / / MDKSA-2007:230 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| PTeX: Multiple vulnerabilities — Gentoo Linux Documentation |
GENTOO |
security.gentoo.org |
|
| Gentoo Linux Documentation
--
CSTeX: Multiple vulnerabilities |
GENTOO |
security.gentoo.org |
|
| Gentoo update for ptex - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| bugs.gentoo.org/attachment.cgi |
MISC |
bugs.gentoo.org |
|
| [SECURITY] Fedora 7 Update: tetex-3.0-40.3.fc7 |
FEDORA |
www.redhat.com |
|
| SUSE Update for Multiple Packages - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| SecurityFocus |
BUGTRAQ |
www.securityfocus.com |
|
| Webmail - OVH |
VUPEN |
www.vupen.com |
Vendor Advisory |
| Fedora update for tetex - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| rPath update for tetex - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| Gentoo Linux Documentation
--
teTeX: Multiple vulnerabilities |
GENTOO |
security.gentoo.org |
|
| Bug 368641 – CVE-2007-5937 Multiple dviljk buffer overflows |
CONFIRM |
bugzilla.redhat.com |
|
| Gentoo update for tetex - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| Advisories:rPSA-2007-0266 - rPath Wiki |
CONFIRM |
wiki.rpath.com |
|
| Mandriva update for tetex - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| teTeX Multiple Vulnerabilities - Advisories - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| teTeX Buffer Overflows Let Remote Users Execute Arbitrary Code and Unsafe Temporary Files Let Local Users Overwrite Files - SecurityTracker |
SECTRACK |
www.securitytracker.com |
|
| teTeX DVI File Parsing Multiple Vulnerabilities |
BID |
www.securityfocus.com |
|
| Gentoo Bug 198238 - app-text/tetex < 3.0_p1-r6 Multiple issues in dviljk and dvips (CVE-2007-{5935,5936,5937}) |
CONFIRM |
bugs.gentoo.org |
|
| issues.rpath.com/browse/RPL-1928 |
CONFIRM |
issues.rpath.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2010-05-06 | Mark J Cox | Not vulnerable. teTeX is packaged without the dviljk binary in Red Hat Enterprise Linux, making it impossible to exploit this flaw. We are however including this fix in RHSA-2010:0399, RHSA-2010:0400, and RHSA-2010:0401 in the event the binary is shipped in the future. |
There are currently no legacy QID mappings associated with this CVE.
