{"api_version":"1","generated_at":"2026-04-22T23:20:10+00:00","cve":"CVE-2007-5936","urls":{"html":"https://cve.report/CVE-2007-5936","api":"https://cve.report/api/cve/CVE-2007-5936.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5936","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5936"},"summary":{"title":"CVE-2007-5936","description":"dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-11-13 22:46:00","updated_at":"2018-10-15 21:47:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html","name":"SUSE-SR:2008:011","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE Security Summary Report SUSE-SR:200?8:011","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html","name":"SUSE-SR:2008:001","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE Security Summary Report SUSE-SR:2008:001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/42238","name":"42238","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://usn.ubuntu.com/554-1/","name":"USN-554-1","refsource":"UBUNTU","tags":[],"title":"USN-554-1: teTeX and TeX Live vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=368611","name":"https://bugzilla.redhat.com/show_bug.cgi?id=368611","refsource":"CONFIRM","tags":[],"title":"Bug 368611 – CVE-2007-5936 dviljk uses insecure temporary file","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27967","name":"27967","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Ubuntu update for tetex-bin and texlive-bin - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:230","name":"MDKSA-2007:230","refsource":"MANDRIVA","tags":[],"title":"Support / Security / Advisories /  / MDKSA-2007:230 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200805-13.xml","name":"GLSA-200805-13","refsource":"GENTOO","tags":[],"title":"PTeX: Multiple vulnerabilities — Gentoo Linux Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200711-34.xml","name":"GLSA-200711-34","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  CSTeX: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30168","name":"30168","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for ptex - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.gentoo.org/attachment.cgi?id=135423","name":"http://bugs.gentoo.org/attachment.cgi?id=135423","refsource":"MISC","tags":[],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html","name":"FEDORA-2007-3390","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 7 Update: tetex-3.0-40.3.fc7","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28412","name":"28412","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SUSE Update for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/487984/100/0/threaded","name":"20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/3896","name":"ADV-2007-3896","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27718","name":"27718","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Fedora update for tetex - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28107","name":"28107","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"rPath update for tetex - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200711-26.xml","name":"GLSA-200711-26","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  teTeX: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27686","name":"27686","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for tetex - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266","name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266","refsource":"CONFIRM","tags":[],"title":"Advisories:rPSA-2007-0266 - rPath Wiki","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/27743","name":"27743","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for tetex - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27672","name":"27672","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"teTeX Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019058","name":"1019058","refsource":"SECTRACK","tags":[],"title":"teTeX Buffer Overflows Let Remote Users Execute Arbitrary Code and Unsafe Temporary Files Let Local Users Overwrite Files - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26469","name":"26469","refsource":"BID","tags":[],"title":"teTeX DVI File Parsing Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://bugs.gentoo.org/show_bug.cgi?id=198238","name":"http://bugs.gentoo.org/show_bug.cgi?id=198238","refsource":"CONFIRM","tags":[],"title":"Gentoo Bug 198238 - app-text/tetex < 3.0_p1-r6 Multiple issues in dviljk and dvips (CVE-2007-{5935,5936,5937})","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-1928","name":"https://issues.rpath.com/browse/RPL-1928","refsource":"CONFIRM","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5936","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5936","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5936","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tetex","cpe5":"tetex","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5936","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tetex","cpe5":"tetex","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5936","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tug","cpe5":"texlive_2007","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"5936","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tug","cpe5":"texlive_2007","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2007-5936","organization":"Red Hat","lastmodified":"2010-05-06","contributor":"Mark J Cox","statementText":"Not vulnerable. teTeX is packaged without the dviljk binary in Red Hat Enterprise Linux, making it impossible to exploit this flaw. We are however including this fix in RHSA-2010:0399, RHSA-2010:0400, and RHSA-2010:0401 in the event the binary is shipped in the future.","cve_year":"2007","cve_id":"5936","crc32":"1a02114f"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5936","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://bugs.gentoo.org/attachment.cgi?id=135423","refsource":"MISC","url":"http://bugs.gentoo.org/attachment.cgi?id=135423"},{"name":"https://issues.rpath.com/browse/RPL-1928","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-1928"},{"name":"27672","refsource":"SECUNIA","url":"http://secunia.com/advisories/27672"},{"name":"27743","refsource":"SECUNIA","url":"http://secunia.com/advisories/27743"},{"name":"SUSE-SR:2008:011","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"},{"name":"28412","refsource":"SECUNIA","url":"http://secunia.com/advisories/28412"},{"name":"27686","refsource":"SECUNIA","url":"http://secunia.com/advisories/27686"},{"name":"USN-554-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/554-1/"},{"name":"42238","refsource":"OSVDB","url":"http://osvdb.org/42238"},{"name":"26469","refsource":"BID","url":"http://www.securityfocus.com/bid/26469"},{"name":"GLSA-200805-13","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200805-13.xml"},{"name":"GLSA-200711-26","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200711-26.xml"},{"name":"http://bugs.gentoo.org/show_bug.cgi?id=198238","refsource":"CONFIRM","url":"http://bugs.gentoo.org/show_bug.cgi?id=198238"},{"name":"30168","refsource":"SECUNIA","url":"http://secunia.com/advisories/30168"},{"name":"ADV-2007-3896","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/3896"},{"name":"27718","refsource":"SECUNIA","url":"http://secunia.com/advisories/27718"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=368611","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=368611"},{"name":"GLSA-200711-34","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200711-34.xml"},{"name":"27967","refsource":"SECUNIA","url":"http://secunia.com/advisories/27967"},{"name":"FEDORA-2007-3390","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"},{"name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266","refsource":"CONFIRM","url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"},{"name":"1019058","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019058"},{"name":"28107","refsource":"SECUNIA","url":"http://secunia.com/advisories/28107"},{"name":"MDKSA-2007:230","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"},{"name":"20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/487984/100/0/threaded"},{"name":"SUSE-SR:2008:001","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}]}},"nvd":{"publishedDate":"2007-11-13 22:46:00","lastModifiedDate":"2018-10-15 21:47:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5936","Ordinal":"29093","Title":"CVE-2007-5936","CVE":"CVE-2007-5936","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5936","Ordinal":"1","NoteData":"dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"5936","Ordinal":"2","NoteData":"2007-11-13","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5936","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}