5 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. • https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3 https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0 https://tug.org/pipermail/tex-live/2023-May/049188.html https://tug.org/~mseven/luatex.html#luasocket •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Se ha descubierto un problema en las funciones t1_check_unusual_charstring en los archivos writet1.c en TeX Live en versiones anteriores al 21/09/2018. Un desbordamiento de búfer en el manejo de fuentes Type 1 permite la ejecución arbitraria de código cuando una fuente maliciosa es cargada por una de las herramientas vulnerables: pdflatex, pdftex, dvips o luatex. • https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c https://lists.debian.org/debian-security-announce/2018/msg00230.html https://usn.ubuntu.com/3788-1 https://usn.ubuntu.com/3788-2 https://www.debian.org/security/2018/dsa-4299 https://access.redhat.com/security/cve/CVE-2018-17407 https://bugzilla.redhat.com/show_bug.cgi?id=1632802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. TeX Live hasta la versión 20170524 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. Esto se relaciona con linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua y texmf-dist/tex/luatex/lualibs/lualibs-os.lua. • https://security-tracker.debian.org/tracker/CVE-2017-17513 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.8EPSS: 4%CPEs: 13EXPL: 0

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. Desbordamiento de entero en dvips en TeX Live 2009 y anteriores, y teTeX, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de una fuente virtual manipulada, asociada a un fichero DVI. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://security-tracker.debian.org/tracker/CVE-2010-0827 http://security.gentoo.org/glsa/glsa-201206-28.xml http://www.securityfocus.com/bid/39971 http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095 http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log http://www.u • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 4%CPEs: 13EXPL: 0

Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739. Múltiples desbordamientos de enteros en dvipsk/dospecial.c en dvips en TeX Live 2009 y anteriores y teTeX, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un comando especial en un fichero DVI, relativo a las funciones (1) predospecial y (2) bbdospecial, vulnerabilidad diferente a CVE-2010-0739. • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://security.gentoo.org/glsa/glsa-201206-28.xml http://www.ubuntu.com/usn/USN-937-1 https://bugzilla.redhat.com/show_bug.cgi?id=586819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10068 https://access.redhat.com/security&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •