CVE-2007-5937: Buffer Overflow
Description of problem:
dviljk contains multiple buffer overflow conditions that can be triggered by a DVI input file. This could possibly result in arbitrary code execution in case user was tricked into print a specially crafted DVI file.
Additional info:
See URL filed for Gentoo report. The attachment #249481 [details] fixes this bug together with bug #368611 It will most likely need some mungling as whitespace changes make the fixes less obvious.
Other sources
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2007-5937?
CVE-2007-5937 has a high severity due to the potential for arbitrary code execution.
How do I fix CVE-2007-5937?
To fix CVE-2007-5937, update the affected teTeX or TeX Live packages to the latest version provided by your distribution.
What software is affected by CVE-2007-5937?
CVE-2007-5937 affects teTeX versions up to 3.0-40.3 and TeX Live 2007.
What kind of vulnerability is CVE-2007-5937?
CVE-2007-5937 is a buffer overflow vulnerability that can be triggered by specially crafted DVI input files.
Can CVE-2007-5937 lead to security breaches?
Yes, exploiting CVE-2007-5937 could lead to unauthorized code execution, posing significant security risks.