Debian Linux Security Advisory 2048-1 – Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service (crash of the application), and possibly arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89880/dsa-2048-1.txt
Source: https://packetstormsecurity.com/files/89880/Debian-Linux-Security-Advisory-2048-1.html