Vulnerability CVE-2009-1382: Information

Description

Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.

Severity: CRITICAL (10.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2009-1382
Published: July 15, 2009
Modified: Oct. 10, 2018
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
mimetexsisyphus1.76-alt11.76-alt1ALT-PU-2020-3206-1260902Fixed
mimetexp101.76-alt11.76-alt1ALT-PU-2020-3206-1260902Fixed
mimetexp91.76-alt11.76-alt1ALT-PU-2020-3220-1260903Fixed
mimetexc10f11.76-alt11.76-alt1ALT-PU-2020-3206-1260902Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://scary.beasts.org/security/CESA-2009-009.html
  • Exploit
35752
  • Vendor Advisory
ADV-2009-1875
  • Patch
  • Vendor Advisory
35816
  • Vendor Advisory
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578
  • Exploit
  • Patch
http://www.ocert.org/advisories/ocert-2009-010.html
    ADV-2010-0877
      FEDORA-2010-6546
        mimetex-mimetex-bo(51794)
          20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection

              1. Configuration 1

                cpe:2.3:a:forkosh:mimetex:*:*:*:*:*:*:*:*
                End including
                1.71
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.0
            Back to top