October 23, 2009

Debian Security Advisory 1917 mimetex - several vulnerabilities

Article Source Debian Security Advisories
October 23, 2009, 5:00 pm

Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-1382

    Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute arbitrary code via a TeX file with long picture, circle, input tags.

  • CVE-2009-2459

    Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. A remote attacker can obtain sensitive information...

Click Here!