CVE-2007-5935: Buffer Overflow
Description of problem:
DVI file that contains a hypertex reference with long title can trigger a stack based buffer overflow of a statically sized char array when dvips is called with -z argument. This could possibly result in arbitrary code execution in case user was tricked into open a specially crafted DVI file.
Additional info:
This issue affects the versions of the tetex package, as shipped with Red Hat Enterprise Linux 3 and 4.
This issue has no security impact on tetex package version, as shipped in Red Hat Enterprise Linux 5 due to FORTIFYSOURCE protection that terminates the process before the memory corruption occurs.
This issue has no security impact on texlive package versions, as shipped with Fedora releases of 11 and 12, due to FORTIFYSOURCE protection that terminates the process before the memory corruption occurs.
See URL field for the orginal bug report from Debian project.
Other sources
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2007-5935?
CVE-2007-5935 has a high severity due to the potential for arbitrary code execution resulting from a stack-based buffer overflow.
How do I fix CVE-2007-5935?
To fix CVE-2007-5935, update to the patched versions of the affected software provided by your vendor.
Which software is affected by CVE-2007-5935?
CVE-2007-5935 affects teTeX and TeX Live 2007, specifically versions prior to 40.3.
Can CVE-2007-5935 be exploited remotely?
Yes, CVE-2007-5935 can potentially be exploited remotely if a user is tricked into processing a crafted DVI file.
What type of vulnerability is CVE-2007-5935?
CVE-2007-5935 is a stack-based buffer overflow vulnerability.