Dan Rosenberg reported multiple instances of an array index error in the way TeX text formatting system translated typesetter-independent .dvi (DeVice Independent) files into their Portable Network Graphics (PNG) alternatives. If a user was tricked into translation of a specially-crafted DVI file(s) into its PNG equivalent(s), it could lead to dvipng executable crash.
These issues did NOT affect the versions of the tetex package, as shipped with Red Hat Enterprise Linux 3 and 4. These issues affect the version of the tetex package, as shipped with Red Hat Enterprise Linux 5. These issues affect the versions of the dvipng package, as shipped with Fedora release of 11 and 12.
Created attachment 401221 [details] Proposed patch by Jan-Ake
Public via: [1] http://www.ubuntu.com/usn/USN-936-1
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0400 https://rhn.redhat.com/errata/RHSA-2010-0400.html
dvipng-1.13-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/dvipng-1.13-1.fc11
dvipng-1.13-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/dvipng-1.13-1.fc12
dvipng-1.13-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/dvipng-1.13-1.fc13
dvipng-1.13-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
dvipng-1.13-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
dvipng-1.13-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.