Vulnerability CVE-2009-1382: Information
Description
Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.
Severity: CRITICAL (10.0)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
mimetex | sisyphus | 1.76-alt1 | 1.76-alt1 | ALT-PU-2020-3206-1 | 260902 | Fixed |
mimetex | p10 | 1.76-alt1 | 1.76-alt1 | ALT-PU-2020-3206-1 | 260902 | Fixed |
mimetex | p9 | 1.76-alt1 | 1.76-alt1 | ALT-PU-2020-3220-1 | 260903 | Fixed |
mimetex | c10f1 | 1.76-alt1 | 1.76-alt1 | ALT-PU-2020-3206-1 | 260902 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
http://scary.beasts.org/security/CESA-2009-009.html | |
35752 | |
ADV-2009-1875 | |
35816 | |
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578 | |
http://www.ocert.org/advisories/ocert-2009-010.html | |
ADV-2010-0877 | |
FEDORA-2010-6546 | |
mimetex-mimetex-bo(51794) | |
20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection | |