PublicDateAtUSN: 2010-04-16
Candidate: CVE-2010-0739
PublicDate: 2010-04-16 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0739
 https://ubuntu.com/security/notices/USN-937-1
Description:
 Integer overflow in the predospecial function in dospecial.c in dvips in
 (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to
 execute arbitrary code via a crafted DVI file that triggers a heap-based
 buffer overflow.  NOTE: some of these details are obtained from third party
 information.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=572941
Priority: medium
Discovered-by: Marc Schoenefeld
Assigned-to:
CVSS:

Patches_texlive-bin:
 vendor: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch
upstream_texlive-bin: needed
dapper_texlive-bin: DNE
hardy_texlive-bin: released (2007.dfsg.1-2ubuntu0.1)
intrepid_texlive-bin: needed (reached end-of-life)
jaunty_texlive-bin: released (2007.dfsg.2-4ubuntu2.1)
karmic_texlive-bin: released (2007.dfsg.2-7ubuntu1.1)
lucid_texlive-bin: released (2009-5ubuntu0.1)
devel_texlive-bin: not-affected (2009-6)
