Vulnerability details: VCID-722a-drdg-aaab
Vulnerability ID VCID-722a-drdg-aaab
Aliases CVE-2007-5935
Summary Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0399
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0401
epss 0.01259 https://api.first.org/data/v1/epss?cve=CVE-2007-5935
epss 0.02394 https://api.first.org/data/v1/epss?cve=CVE-2007-5935
epss 0.07426 https://api.first.org/data/v1/epss?cve=CVE-2007-5935
epss 0.14371 https://api.first.org/data/v1/epss?cve=CVE-2007-5935
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-5935
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447081
http://bugs.gentoo.org/show_bug.cgi?id=198238
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5935.json
https://api.first.org/data/v1/epss?cve=CVE-2007-5935
https://bugzilla.redhat.com/show_bug.cgi?id=368591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
http://secunia.com/advisories/27672
http://secunia.com/advisories/27686
http://secunia.com/advisories/27718
http://secunia.com/advisories/27743
http://secunia.com/advisories/27967
http://secunia.com/advisories/28107
http://secunia.com/advisories/28412
http://secunia.com/advisories/30168
http://security.gentoo.org/glsa/glsa-200711-26.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
https://issues.rpath.com/browse/RPL-1928
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11311
https://usn.ubuntu.com/554-1/
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.securityfocus.com/archive/1/487984/100/0/threaded
http://www.securityfocus.com/bid/26469
http://www.securitytracker.com/id?1019058
http://www.vupen.com/english/advisories/2007/3896
cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*
cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*
CVE-2007-5935 https://nvd.nist.gov/vuln/detail/CVE-2007-5935
GLSA-200711-26 https://security.gentoo.org/glsa/200711-26
RHSA-2010:0399 https://access.redhat.com/errata/RHSA-2010:0399
RHSA-2010:0401 https://access.redhat.com/errata/RHSA-2010:0401
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-5935
Exploit Prediction Scoring System (EPSS)
Percentile 0.85996
EPSS Score 0.01259
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.