All the vulnerabilites related to tug - texlive_2007
cve-2007-5935
Vulnerability from cvelistv5
Published
2007-11-13 22:00
Modified
2024-08-07 15:47
Severity ?
Summary
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
References
https://issues.rpath.com/browse/RPL-1928x_refsource_CONFIRM
http://secunia.com/advisories/27672third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/28412third-party-advisory, x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081x_refsource_CONFIRM
http://secunia.com/advisories/27686third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/554-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/26469vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311vdb-entry, signature, x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200805-13.xmlvendor-advisory, x_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200711-26.xmlvendor-advisory, x_refsource_GENTOO
http://bugs.gentoo.org/show_bug.cgi?id=198238x_refsource_CONFIRM
http://secunia.com/advisories/30168third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=368591x_refsource_MISC
http://www.vupen.com/english/advisories/2007/3896vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27718third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-34.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/27967third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.htmlvendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266x_refsource_CONFIRM
http://www.securitytracker.com/id?1019058vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/28107third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/487984/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1928"
          },
          {
            "name": "27672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27672"
          },
          {
            "name": "27743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27743"
          },
          {
            "name": "SUSE-SR:2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
          },
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
          },
          {
            "name": "27686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27686"
          },
          {
            "name": "USN-554-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/554-1/"
          },
          {
            "name": "26469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26469"
          },
          {
            "name": "oval:org.mitre.oval:def:11311",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "GLSA-200711-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
          },
          {
            "name": "ADV-2007-3896",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3896"
          },
          {
            "name": "27718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27718"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "name": "27967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27967"
          },
          {
            "name": "FEDORA-2007-3390",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
          },
          {
            "name": "1019058",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019058"
          },
          {
            "name": "28107",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28107"
          },
          {
            "name": "MDKSA-2007:230",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
          },
          {
            "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1928"
        },
        {
          "name": "27672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27672"
        },
        {
          "name": "27743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27743"
        },
        {
          "name": "SUSE-SR:2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
        },
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
        },
        {
          "name": "27686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27686"
        },
        {
          "name": "USN-554-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/554-1/"
        },
        {
          "name": "26469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26469"
        },
        {
          "name": "oval:org.mitre.oval:def:11311",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "GLSA-200711-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
        },
        {
          "name": "ADV-2007-3896",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3896"
        },
        {
          "name": "27718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27718"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "name": "27967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27967"
        },
        {
          "name": "FEDORA-2007-3390",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
        },
        {
          "name": "1019058",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019058"
        },
        {
          "name": "28107",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28107"
        },
        {
          "name": "MDKSA-2007:230",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
        },
        {
          "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.rpath.com/browse/RPL-1928",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1928"
            },
            {
              "name": "27672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27672"
            },
            {
              "name": "27743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27743"
            },
            {
              "name": "SUSE-SR:2008:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
            },
            {
              "name": "27686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27686"
            },
            {
              "name": "USN-554-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/554-1/"
            },
            {
              "name": "26469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26469"
            },
            {
              "name": "oval:org.mitre.oval:def:11311",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "GLSA-200711-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198238",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=368591",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
            },
            {
              "name": "ADV-2007-3896",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3896"
            },
            {
              "name": "27718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27718"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "27967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27967"
            },
            {
              "name": "FEDORA-2007-3390",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
            },
            {
              "name": "1019058",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019058"
            },
            {
              "name": "28107",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28107"
            },
            {
              "name": "MDKSA-2007:230",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
            },
            {
              "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5935",
    "datePublished": "2007-11-13T22:00:00",
    "dateReserved": "2007-11-13T00:00:00",
    "dateUpdated": "2024-08-07T15:47:00.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5936
Vulnerability from cvelistv5
Published
2007-11-13 22:00
Modified
2024-08-07 15:47
Severity ?
Summary
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
References
http://bugs.gentoo.org/attachment.cgi?id=135423x_refsource_MISC
https://issues.rpath.com/browse/RPL-1928x_refsource_CONFIRM
http://secunia.com/advisories/27672third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/28412third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27686third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/554-1/vendor-advisory, x_refsource_UBUNTU
http://osvdb.org/42238vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/26469vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200805-13.xmlvendor-advisory, x_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200711-26.xmlvendor-advisory, x_refsource_GENTOO
http://bugs.gentoo.org/show_bug.cgi?id=198238x_refsource_CONFIRM
http://secunia.com/advisories/30168third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3896vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27718third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=368611x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200711-34.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/27967third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.htmlvendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266x_refsource_CONFIRM
http://www.securitytracker.com/id?1019058vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/28107third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/487984/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1928"
          },
          {
            "name": "27672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27672"
          },
          {
            "name": "27743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27743"
          },
          {
            "name": "SUSE-SR:2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
          },
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "27686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27686"
          },
          {
            "name": "USN-554-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/554-1/"
          },
          {
            "name": "42238",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42238"
          },
          {
            "name": "26469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26469"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "GLSA-200711-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "name": "ADV-2007-3896",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3896"
          },
          {
            "name": "27718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27718"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "name": "27967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27967"
          },
          {
            "name": "FEDORA-2007-3390",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
          },
          {
            "name": "1019058",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019058"
          },
          {
            "name": "28107",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28107"
          },
          {
            "name": "MDKSA-2007:230",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
          },
          {
            "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1928"
        },
        {
          "name": "27672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27672"
        },
        {
          "name": "27743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27743"
        },
        {
          "name": "SUSE-SR:2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
        },
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "name": "27686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27686"
        },
        {
          "name": "USN-554-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/554-1/"
        },
        {
          "name": "42238",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42238"
        },
        {
          "name": "26469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26469"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "GLSA-200711-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "name": "ADV-2007-3896",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3896"
        },
        {
          "name": "27718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27718"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "name": "27967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27967"
        },
        {
          "name": "FEDORA-2007-3390",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
        },
        {
          "name": "1019058",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019058"
        },
        {
          "name": "28107",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28107"
        },
        {
          "name": "MDKSA-2007:230",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
        },
        {
          "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/attachment.cgi?id=135423",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1928",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1928"
            },
            {
              "name": "27672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27672"
            },
            {
              "name": "27743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27743"
            },
            {
              "name": "SUSE-SR:2008:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "27686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27686"
            },
            {
              "name": "USN-554-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/554-1/"
            },
            {
              "name": "42238",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42238"
            },
            {
              "name": "26469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26469"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "GLSA-200711-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198238",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "ADV-2007-3896",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3896"
            },
            {
              "name": "27718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27718"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=368611",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "27967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27967"
            },
            {
              "name": "FEDORA-2007-3390",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
            },
            {
              "name": "1019058",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019058"
            },
            {
              "name": "28107",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28107"
            },
            {
              "name": "MDKSA-2007:230",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
            },
            {
              "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5936",
    "datePublished": "2007-11-13T22:00:00",
    "dateReserved": "2007-11-13T00:00:00",
    "dateUpdated": "2024-08-07T15:47:00.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5940
Vulnerability from cvelistv5
Published
2007-11-13 23:00
Modified
2024-08-07 15:47
Severity ?
Summary
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
References
http://bugs.gentoo.org/show_bug.cgi?id=198231x_refsource_CONFIRM
http://secunia.com/advisories/27739third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-32.xmlvendor-advisory, x_refsource_GENTOO
http://osvdb.org/42397vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/27737third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3974vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/26507vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
          },
          {
            "name": "27739",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27739"
          },
          {
            "name": "GLSA-200711-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
          },
          {
            "name": "42397",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42397"
          },
          {
            "name": "27737",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27737"
          },
          {
            "name": "ADV-2007-3974",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3974"
          },
          {
            "name": "26507",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26507"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-28T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
        },
        {
          "name": "27739",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27739"
        },
        {
          "name": "GLSA-200711-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
        },
        {
          "name": "42397",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42397"
        },
        {
          "name": "27737",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27737"
        },
        {
          "name": "ADV-2007-3974",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3974"
        },
        {
          "name": "26507",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26507"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198231",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
            },
            {
              "name": "27739",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27739"
            },
            {
              "name": "GLSA-200711-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
            },
            {
              "name": "42397",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42397"
            },
            {
              "name": "27737",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27737"
            },
            {
              "name": "ADV-2007-3974",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3974"
            },
            {
              "name": "26507",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26507"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5940",
    "datePublished": "2007-11-13T23:00:00",
    "dateReserved": "2007-11-13T00:00:00",
    "dateUpdated": "2024-08-07T15:47:00.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5937
Vulnerability from cvelistv5
Published
2007-11-13 22:00
Modified
2024-08-07 15:47
Severity ?
Summary
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
References
http://bugs.gentoo.org/attachment.cgi?id=135423x_refsource_MISC
https://issues.rpath.com/browse/RPL-1928x_refsource_CONFIRM
http://secunia.com/advisories/27672third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27743third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/28412third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27686third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/554-1/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/26469vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200805-13.xmlvendor-advisory, x_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200711-26.xmlvendor-advisory, x_refsource_GENTOO
http://bugs.gentoo.org/show_bug.cgi?id=198238x_refsource_CONFIRM
http://secunia.com/advisories/30168third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3896vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27718third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200711-34.xmlvendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=368641x_refsource_CONFIRM
http://secunia.com/advisories/27967third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.htmlvendor-advisory, x_refsource_FEDORA
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266x_refsource_CONFIRM
http://www.securitytracker.com/id?1019058vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/28107third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/487984/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1928"
          },
          {
            "name": "27672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27672"
          },
          {
            "name": "27743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27743"
          },
          {
            "name": "SUSE-SR:2008:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
          },
          {
            "name": "28412",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28412"
          },
          {
            "name": "27686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27686"
          },
          {
            "name": "USN-554-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/554-1/"
          },
          {
            "name": "26469",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26469"
          },
          {
            "name": "GLSA-200805-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
          },
          {
            "name": "GLSA-200711-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
          },
          {
            "name": "30168",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30168"
          },
          {
            "name": "ADV-2007-3896",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3896"
          },
          {
            "name": "27718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27718"
          },
          {
            "name": "GLSA-200711-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
          },
          {
            "name": "27967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27967"
          },
          {
            "name": "FEDORA-2007-3390",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
          },
          {
            "name": "1019058",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019058"
          },
          {
            "name": "28107",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28107"
          },
          {
            "name": "MDKSA-2007:230",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
          },
          {
            "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2008:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1928"
        },
        {
          "name": "27672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27672"
        },
        {
          "name": "27743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27743"
        },
        {
          "name": "SUSE-SR:2008:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
        },
        {
          "name": "28412",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28412"
        },
        {
          "name": "27686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27686"
        },
        {
          "name": "USN-554-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/554-1/"
        },
        {
          "name": "26469",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26469"
        },
        {
          "name": "GLSA-200805-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
        },
        {
          "name": "GLSA-200711-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
        },
        {
          "name": "30168",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30168"
        },
        {
          "name": "ADV-2007-3896",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3896"
        },
        {
          "name": "27718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27718"
        },
        {
          "name": "GLSA-200711-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
        },
        {
          "name": "27967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27967"
        },
        {
          "name": "FEDORA-2007-3390",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
        },
        {
          "name": "1019058",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019058"
        },
        {
          "name": "28107",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28107"
        },
        {
          "name": "MDKSA-2007:230",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
        },
        {
          "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2008:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5937",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/attachment.cgi?id=135423",
              "refsource": "MISC",
              "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1928",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1928"
            },
            {
              "name": "27672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27672"
            },
            {
              "name": "27743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27743"
            },
            {
              "name": "SUSE-SR:2008:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
            },
            {
              "name": "28412",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28412"
            },
            {
              "name": "27686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27686"
            },
            {
              "name": "USN-554-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/554-1/"
            },
            {
              "name": "26469",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26469"
            },
            {
              "name": "GLSA-200805-13",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
            },
            {
              "name": "GLSA-200711-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=198238",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
            },
            {
              "name": "30168",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30168"
            },
            {
              "name": "ADV-2007-3896",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3896"
            },
            {
              "name": "27718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27718"
            },
            {
              "name": "GLSA-200711-34",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=368641",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
            },
            {
              "name": "27967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27967"
            },
            {
              "name": "FEDORA-2007-3390",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
            },
            {
              "name": "1019058",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019058"
            },
            {
              "name": "28107",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28107"
            },
            {
              "name": "MDKSA-2007:230",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
            },
            {
              "name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
            },
            {
              "name": "SUSE-SR:2008:001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5937",
    "datePublished": "2007-11-13T22:00:00",
    "dateReserved": "2007-11-13T00:00:00",
    "dateUpdated": "2024-08-07T15:47:00.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2007-11-13 22:46
Modified
2024-11-21 00:38
Severity ?
Summary
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
References
cve@mitre.orghttp://bugs.gentoo.org/attachment.cgi?id=135423
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=198238
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
cve@mitre.orghttp://secunia.com/advisories/27672Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27686Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27718Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27743Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27967Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28107Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28412Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30168Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-26.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-34.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200805-13.xml
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:230
cve@mitre.orghttp://www.securityfocus.com/archive/1/487984/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26469
cve@mitre.orghttp://www.securitytracker.com/id?1019058
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3896Vendor Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=368641
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1928
cve@mitre.orghttps://usn.ubuntu.com/554-1/
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/attachment.cgi?id=135423
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=198238
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27672Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27686Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27718Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27743Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27967Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28412Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30168Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-26.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-34.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200805-13.xml
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/487984/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26469
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019058
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3896Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=368641
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1928
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/554-1/
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
Impacted products
Vendor Product Version
tetex tetex *
tug texlive_2007 *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87CCAA71-B817-48A0-81C0-9E4DC4953C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B01AD712-1D5C-49B6-AF51-4A4A2BA3FD83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en el archivo dvi2xx.c en dviljk en teTeX y TeXlive 2007 y anteriores, podr\u00edan permitir a atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un archivo de entrada DVI dise\u00f1ado."
    }
  ],
  "id": "CVE-2007-5937",
  "lastModified": "2024-11-21T00:38:59.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-11-13T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27672"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27686"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27718"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27743"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27967"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019058"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3896"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1928"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/554-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/554-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable.\n\nteTeX is packaged without the dviljk binary in Red Hat Enterprise Linux, making it impossible to exploit this flaw. We are however including this fix in RHSA-2010:0399, RHSA-2010:0400, and RHSA-2010:0401 in the event the binary is shipped in the future.",
      "lastModified": "2010-05-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-11-13 22:46
Modified
2024-11-21 00:38
Severity ?
Summary
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
References
cve@mitre.orghttp://bugs.gentoo.org/attachment.cgi?id=135423
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=198238
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
cve@mitre.orghttp://osvdb.org/42238
cve@mitre.orghttp://secunia.com/advisories/27672Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27686Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27718Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27743Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27967Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28107Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28412Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30168Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-26.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-34.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200805-13.xml
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:230
cve@mitre.orghttp://www.securityfocus.com/archive/1/487984/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26469
cve@mitre.orghttp://www.securitytracker.com/id?1019058
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3896
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=368611
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1928
cve@mitre.orghttps://usn.ubuntu.com/554-1/
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/attachment.cgi?id=135423
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=198238
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/42238
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27672Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27686Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27718Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27743Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27967Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28412Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30168Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-26.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-34.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200805-13.xml
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/487984/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26469
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019058
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3896
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=368611
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1928
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/554-1/
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
Impacted products
Vendor Product Version
tetex tetex *
tug texlive_2007 *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87CCAA71-B817-48A0-81C0-9E4DC4953C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B01AD712-1D5C-49B6-AF51-4A4A2BA3FD83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."
    },
    {
      "lang": "es",
      "value": "dvips en teTex y TeXlive 2007 y anteriores permite a usuarios locales obtener informaci\u00f3n sensible y modificar ciertos datos a trav\u00e9s de la creaci\u00f3n de ciertos archivos temporales antes de que sean procesados por dviljk, lo cual permite que puedan ser leidos o modificados en el lugar."
    }
  ],
  "id": "CVE-2007-5936",
  "lastModified": "2024-11-21T00:38:59.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-13T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/42238"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27672"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27686"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27718"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27743"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27967"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019058"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3896"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1928"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/554-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/42238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/554-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable.\n\nteTeX is packaged without the dviljk binary in Red Hat Enterprise Linux, making it impossible to exploit this flaw. We are however including this fix in RHSA-2010:0399, RHSA-2010:0400, and RHSA-2010:0401 in the event the binary is shipped in the future.",
      "lastModified": "2010-05-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-11-13 22:46
Modified
2024-11-21 00:38
Severity ?
Summary
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081Exploit
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=198238
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
cve@mitre.orghttp://secunia.com/advisories/27672Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27686Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27718Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27743Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27967Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28107Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28412Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30168Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-26.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-34.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200805-13.xml
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:230
cve@mitre.orghttp://www.securityfocus.com/archive/1/487984/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26469
cve@mitre.orghttp://www.securitytracker.com/id?1019058
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3896
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=368591
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1928
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
cve@mitre.orghttps://usn.ubuntu.com/554-1/
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081Exploit
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=198238
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27672Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27686Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27718Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27743Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27967Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28412Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30168Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-26.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-34.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200805-13.xml
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/487984/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26469
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019058
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3896
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=368591
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1928
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/554-1/
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
Impacted products
Vendor Product Version
tetex tetex *
tug texlive_2007 *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87CCAA71-B817-48A0-81C0-9E4DC4953C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B01AD712-1D5C-49B6-AF51-4A4A2BA3FD83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag."
    },
    {
      "lang": "es",
      "value": "Desbodarmiento de b\u00fafer basado en pila en hpc.c en dvips en teTeX y TeXlive 2007 y anteriores permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo DVI conm una etiqueta href larga."
    }
  ],
  "id": "CVE-2007-5935",
  "lastModified": "2024-11-21T00:38:59.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-11-13T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27672"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27686"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27718"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27743"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27967"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28107"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019058"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3896"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1928"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/554-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/554-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5935\n\nThis issue has been addressed in RHSA-2010:0399 and RHSA-2010:0401.",
      "lastModified": "2010-05-07T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-11-13 23:46
Modified
2024-11-21 00:38
Severity ?
Summary
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
Impacted products
Vendor Product Version
tug texlive_2007 *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B01AD712-1D5C-49B6-AF51-4A4A2BA3FD83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file."
    },
    {
      "lang": "es",
      "value": "feynmf.pl en feynmf 1.08, tal y como se utiliza  en TeXLive 2007, permite a usuarios locales sobrescribit archivos de su eleci\u00f3n y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre el archivo temporal feynmf$$.pl."
    }
  ],
  "id": "CVE-2007-5940",
  "lastModified": "2024-11-21T00:38:59.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-13T23:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/42397"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27737"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27739"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26507"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=198231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/42397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3974"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}