DSA-2048-1 dvipng -- buffer overflowID: oval:org.secpod.oval:def:600016 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service , and possibly arbitrary code execution. For the stable distribution , this problem has been fixed in version dvipng_1.11-1+lenny1. For the testing distribution , this problem has been fixed in version 1.13-1. For the unstable distribution , this problem has been fixed in version 1.13-1. We recommend that you upgrade your dvipng package.