CVE-2023-32700 – texlive: arbitrary code execution allows document complied with older version
https://notcve.org/view.php?id=CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. An arbitrary code execution vulnerability was found in LuaTeX (TeX Live) that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled. • https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984 https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5 https://tug.org/pipermail/tex-live/2023-May/049188.html https://tug.org/~mseven/luatex.html https://access.redhat.com/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-32668
https://notcve.org/view.php?id=CVE-2023-32668
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. • https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3 https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0 https://tug.org/pipermail/tex-live/2023-May/049188.html https://tug.org/~mseven/luatex.html#luasocket •
CVE-2018-17407 – texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
https://notcve.org/view.php?id=CVE-2018-17407
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Se ha descubierto un problema en las funciones t1_check_unusual_charstring en los archivos writet1.c en TeX Live en versiones anteriores al 21/09/2018. Un desbordamiento de búfer en el manejo de fuentes Type 1 permite la ejecución arbitraria de código cuando una fuente maliciosa es cargada por una de las herramientas vulnerables: pdflatex, pdftex, dvips o luatex. • https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c https://lists.debian.org/debian-security-announce/2018/msg00230.html https://usn.ubuntu.com/3788-1 https://usn.ubuntu.com/3788-2 https://www.debian.org/security/2018/dsa-4299 https://access.redhat.com/security/cve/CVE-2018-17407 https://bugzilla.redhat.com/show_bug.cgi?id=1632802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-17513
https://notcve.org/view.php?id=CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. TeX Live hasta la versión 20170524 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. Esto se relaciona con linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua y texmf-dist/tex/luatex/lualibs/lualibs-os.lua. • https://security-tracker.debian.org/tracker/CVE-2017-17513 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2016-10243
https://notcve.org/view.php?id=CVE-2016-10243
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. TeX Live permite a atacantes remotos ejecutar comandos arbitrarios aprovechando la inclusión de mpost en shell_escape_commands en el archivo de configuración texmf.cnf. • http://www.debian.org/security/2017/dsa-3803 http://www.openwall.com/lists/oss-security/2017/03/05/1 http://www.securityfocus.com/bid/96593 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex https://security.gentoo.org/glsa/201709-07 https:& • CWE-20: Improper Input Validation •