CVE-2010-0739

Publication date 16 April 2010

Last updated 4 August 2025

Ubuntu priority

Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
texlive-bin	10.04 LTS lucid	Fixed 2009-5ubuntu0.1
	9.10 karmic	Fixed 2007.dfsg.2-7ubuntu1.1
	9.04 jaunty	Fixed 2007.dfsg.2-4ubuntu2.1
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Fixed 2007.dfsg.1-2ubuntu0.1
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
texlive-bin	Vendor: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch

CVE-2010-0739

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references