CVE-2009-1382

Published: 14 July 2009

Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.

Priority

Status

Package	Release	Status
mimetex Launchpad, Ubuntu, Debian	dapper	Released (1.50-1ubuntu0.6.06.1)
	hardy	Released (1.50-1ubuntu0.8.04.1)
	intrepid	Released (1.50-1ubuntu0.8.10.1)
	jaunty	Released (1.50-1ubuntu0.9.04.1)
	upstream	Needs triage

References

http://scary.beasts.org/security/CESA-2009-009.html
https://ubuntu.com/security/notices/USN-844-1
https://www.cve.org/CVERecord?id=CVE-2009-1382
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537254
https://bugs.launchpad.net/ubuntu/+source/mimetex/+bug/401166
https://bugzilla.redhat.com/show_bug.cgi?id=511049

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›