CVE-2002-0836

NameCVE-2002-0836
Descriptiondvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-207
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tetex-binsource(unstable)1.0.7+20021025-4high
tetex-binsourcewoody1.0.7+20011202-7.1highDSA-207

Search for package or bug name: Reporting problems