Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX
Live 2009 and earlier, and teTeX, allow remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a special command in a DVI file, related to the (1)
predospecial and (2) bbdospecial functions, a different
vulnerability than CVE-2010-0739.
Major changes:
* dvips.texi (Configuration file commands): document -G,
including its obsolesence.
* Master/texmf/dvips/tetex/config.pdf: remove the G setting,
now actively problematic.
dvips takes a DVI file file[.dvi] produced by TeX (or by some other
processor such as GFtoDVI) and converts it to PostScript, normally
sending the result directly to the (laser)printer. The DVI file may
be specified without the .dvi extension. Fonts used may either be
resident in the printer or defined as bitmaps in PK files, or a
`virtual' combination of both. If the mktexpk program is installed,
either be resident in the printer or defined as bitmaps in PK files,
or a `virtual' combination of both. If the mktexpk program is
installed, dvips will automatically invoke METAFONT to generate fonts
that don't already exist.
