Debian Security Advisory DSA 2048-1 (dvipng) Network Vulnerability

Summary

The remote host is missing an update to dvipng announced via advisory DSA 2048-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202048-1

Insight

Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service (crash of the application), and possibly arbitrary code execution. For the stable distribution (lenny), this problem has been fixed in version dvipng_1.11-1+lenny1. For the testing distribution (squeeze), this problem has been fixed in version 1.13-1. For the unstable distribution (sid), this problem has been fixed in version 1.13-1. We recommend that you upgrade your dvipng package.

Severity

Classification

CVE CVE-2010-0829

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)
Debian Security Advisory DSA 050-1 (sendfile)
Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 1064-1 (cscope)
Debian Security Advisory DSA 1056-1 (webcalendar)

Take action and discover your vulnerabilities