header-logo
Suggest Exploit
vendor:
BibTeX
by:
Vincent Lafevre
N/A
CVSS
N/A
Memory-corruption vulnerability
119
CWE
Product Name: BibTeX
Affected Version From: RedHat Linux 2.1, RedHat Fedora 9 0, RedHat Fedora 11, RedHat Fedora 10, RedHat Enterprise Linux WS 5, RedHat Enterprise Linux WS 4, RedHat Enterprise Linux WS 3, RedHat Enterprise Linux WS 2.1 IA64, RedHat Enterprise Linux WS 2.1, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux ES 3, RedHat Enterprise Linux ES 2.1 IA64, RedHat Enterprise Linux ES 2.1, RedHat Enterprise Linux Desktop Workstation 5 client, RedHat Enterprise Linux Desktop 5 client, RedHat Enterprise Linux AS 4, RedHat Enterprise Linux AS 3, RedHat Enterprise Linux AS 2.1 IA64, RedHat Enterprise Linux AS 2.1, RedHat Enterprise Linux Desktop version 4, Debian Linux 5.0 sparc, Debian Linux 5.0 s/390, Debian Linux 5.0 powerpc, Debian Linux 5.0 mipsel, Debian Linux 5.0 mips, Debian Linux 5.0 m68k, Debian Linux 5.0 ia-64, Debian Linux 5.0 ia-32, Debian Linux 5.0 hppa, Debian Linux 5.0 armel, Debian Linux 5.0 arm, Debian Linux 5.0 amd64, Debian Linux 5.0 alpha, Debian Linux 5.0, Debian Linux 4.0 sparc, Debian Linux 4.0 s/390, Debian Linux 4.0 powerpc, Debian Linux 4.0 mipsel, Debian Linux 4.0 mips, Debian Linux 4.0 m68k, Debian Linux 4.0 ia-64, Debian Linux 4.0 ia-32, Debian Linux 4.0 hppa, Debian Linux 4.0 armel, Debian Linux 4.0 arm, Debian Linux 4.0 amd64, Debian Linux 4.0 alpha, Debian Linux 4.0
Affected Version To: N/A
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Failure to Handle Exceptional Conditions

BibTeX is prone to a memory-corruption vulnerability because it fails to properly handle excessively large '.bib' files. Remote attackers may leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.

Mitigation:

Users should ensure that they are running the latest version of BibTeX and should avoid opening untrusted '.bib' files.
Source

Exploit-DB raw data:

Bugtraq ID: 34332
Class: Failure to Handle Exceptional Conditions

Published: Apr 01 2009 12:00AM
Updated: Nov 13 2009 03:46PM
Credit: Vincent Lafevre
Vulnerable: RedHat Linux 2.1
RedHat Fedora 9 0
RedHat Fedora 11
RedHat Fedora 10
RedHat Enterprise Linux WS 5
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux Desktop version 4
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 armel
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
BibTeX BibTeX 0

BibTeX is prone to a memory-corruption vulnerability because it fails to properly handle excessively large '.bib' files.

Remote attackers may leverage this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute code, but this has not been confirmed.

NOTE: BibTeX may be shipped with various packages, such as TeTeX or TexLive, that may also be vulnerable. 


Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/10203.tar.bz2 (2009-11-22-bibtex-crash.tar.bz2)