Vulnerability Name:

CVE-2010-1440 (CCN-58384)

Assigned:2010-05-03
Published:2010-05-03
Updated:2023-02-13
Summary:Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-1440

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2010-0399
Moderate: tetex security update

Source: CCN
Type: RHSA-2010-0400
Moderate: tetex security update

Source: CCN
Type: RHSA-2010-0401
Moderate: tetex security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-39966
TeX Live '.dvi' File Parsing Unspecified Remote Code Execution Vulnerability

Source: CCN
Type: USN-937-1
TeX Live vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 586819
CVE-2010-1440 tetex, texlive: Integer overflow by processing special commands

Source: XF
Type: UNKNOWN
tetex-dospecial-code-execution(58384)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: SUSE
Type: SUSE-SR:2010:013
SUSE Security Summary Report

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:tug:tex_live:1996:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:1998:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:1999:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2000:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2001:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2002:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2003:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2004:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2005:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2007:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2008:*:*:*:*:*:*:*
  • OR cpe:/a:tug:tex_live:2009:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:26136
    P
    		Security update for gd (Moderate)
    2021-09-23
    oval:org.opensuse.security:def:26124
    P
    		Security update for openssl-1_1 (Low)
    2021-09-09
    oval:org.opensuse.security:def:26125
    P
    		Security update for grilo (Important)
    2021-09-09
    oval:org.opensuse.security:def:20101440
    V
    		CVE-2010-1440
    2021-08-15
    oval:org.opensuse.security:def:36575
    P
    		texlive-2007-219.34.6 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26200
    P
    		Security update for glibc (Moderate)
    2021-02-25
    oval:org.opensuse.security:def:26900
    P
    		fvwm2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26466
    P
    		Security update for irssi (Important)
    2020-12-01
    oval:org.opensuse.security:def:26803
    P
    		perl-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27538
    P
    		postgresql-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26550
    P
    		fuse on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26842
    P
    		xen on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26328
    P
    		used on wotan :) (Low)
    2020-12-01
    oval:org.opensuse.security:def:27573
    P
    		texlive on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26701
    P
    		ft2demos on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26856
    P
    		PackageKit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26409
    P
    		Security update for lame (Important)
    2020-12-01
    oval:org.opensuse.security:def:26754
    P
    		libneon27 on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:23168
    P
    		ELSA-2010:0400: tetex security update (Moderate)
    2014-07-21
    oval:org.mitre.oval:def:13403
    P
    		USN-937-1 -- texlive-bin vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:22251
    P
    		RHSA-2010:0400: tetex security update (Moderate)
    2014-02-24
    oval:org.mitre.oval:def:10068
    V
    		Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
    2013-04-29
    oval:com.redhat.rhsa:def:20100399
    P
    		RHSA-2010:0399: tetex security update (Moderate)
    2010-05-06
    oval:com.redhat.rhsa:def:20100400
    P
    		RHSA-2010:0400: tetex security update (Moderate)
    2010-05-06
    oval:com.redhat.rhsa:def:20100401
    P
    		RHSA-2010:0401: tetex security update (Moderate)
    2010-05-06
    BACK
    tug tex live 1996
    tug tex live 1998
    tug tex live 1999
    tug tex live 2000
    tug tex live 2001
    tug tex live 2002
    tug tex live 2003
    tug tex live 2004
    tug tex live 2005
    tug tex live 2007
    tug tex live 2008
    tug tex live 2009
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    canonical ubuntu 8.04
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    mandriva linux 2009.1
    mandriva linux 2009.1
    mandriva enterprise server 5
    mandriva enterprise server 5
    mandriva linux 2010
    mandriva linux 2010