Detections
Analytics

MiracleLinux 3 : tetex-3.0-33.2.2.1AX (AXSA:2007-64:02)

critical Nessus Plugin ID 284210

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2007-64:02 advisory.

 TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output.
 Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. The output format needn't to be DVI, but also PDF, when using pdflatex or similar tools.
 Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. (CVE-2007-4352) Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3. (CVE-2007-4033) Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. (CVE-2007-5392) Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. (CVE-2007-5393)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/101

Plugin Details

Severity: Critical

ID: 284210

File Name: miracle_linux_AXSA-2007-64.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2007-5393

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2007-4033

Vulnerability Information

CPE: cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:tetex-latex, p-cpe:/a:miracle:linux:tetex, p-cpe:/a:miracle:linux:tetex-dvips, p-cpe:/a:miracle:linux:tetex-fonts

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/14/2007

Vulnerability Publication Date: 7/26/2007

Reference Information

CVE: CVE-2007-4033, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393