CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25262 – Ubuntu Security Notice USN-6695-1
https://notcve.org/view.php?id=CVE-2024-25262
20 Feb 2024 — texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file. Se descubrió que texlive-bin commit c515e contenía un desbordamiento de búfer de almacenamiento dinámico mediante la función ttfLoadHDMX:ttfdump. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) proporcionando un archivo TTF manipulado. It was discovered that ... • https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2023-46048 – tex-live 944e257 Null Pointer
https://notcve.org/view.php?id=CVE-2023-46048
29 Jan 2024 — Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. Tex Live 944e257 tiene una desreferencia de puntero NULL en texk/web2c/pdftexdir/writet1.c. NOTA: esto está en disputa porque debería categorizarse como un problema de usabilidad. tex-live version 944e257 suffers from a null pointer vulnerability. • http://seclists.org/fulldisclosure/2024/Jan/65 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2023-32700 – texlive: arbitrary code execution allows document complied with older version
https://notcve.org/view.php?id=CVE-2023-32700
20 May 2023 — LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. An arbitrary code execution vulnerability was found in LuaTeX (TeX Live) that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled. Max Chernoff discovered that imp... • https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-32668 – Ubuntu Security Notice USN-6695-1
https://notcve.org/view.php?id=CVE-2023-32668
11 May 2023 — LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. • https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-17407 – texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
https://notcve.org/view.php?id=CVE-2018-17407
23 Sep 2018 — An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Se ha descubierto un problema en las funciones t1_check_unusual_charstring en los archivos writet1.c en TeX Live en versiones anteriores al 21/09/2018. Un desbordamiento de búfer en el manejo de fuentes Type 1 permi... • https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17513
https://notcve.org/view.php?id=CVE-2017-17513
14 Dec 2017 — TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. TeX Live hasta la versión 20170524 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto po... • https://security-tracker.debian.org/tracker/CVE-2017-17513 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0296
https://notcve.org/view.php?id=CVE-2015-0296
06 Oct 2017 — The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. El script preinstalado en textlive 3.1.20140525_r34255.fc21 tal y como se distribuye en Fedora 21 y rpm y textlive 6.20131226_r32488.fc20 y rpm permite que los usuarios locales eliminen archivos arbitrarios mediante un archivo modificado en el directorio raíz del usuario. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5700 – Ubuntu Security Notice USN-3788-1
https://notcve.org/view.php?id=CVE-2015-5700
25 Aug 2017 — mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. mktexlsr revisión 22855 hasta la revisión 36625, como empaquetado en texlive, permite a los usuarios locales escribir en archivos arbitrarios por medio de un ataque de tipo symlink. Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was d... • http://www.openwall.com/lists/oss-security/2015/07/30/6 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5701
https://notcve.org/view.php?id=CVE-2015-5701
25 Aug 2017 — mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. mktexlsr en la revisión 36855, y anterior a la revisión 36626 tal y como se incluye en texlive permite que usuarios locales escriban en archivos arbitrarios mediante un ataque symlink. NOTA: Esta vulnerabilidad existe debido a la reversión de una solución para CVE-2015-5700. • http://www.openwall.com/lists/oss-security/2015/07/30/6 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2016-10243 – Gentoo Linux Security Advisory 201709-07
https://notcve.org/view.php?id=CVE-2016-10243
02 May 2017 — TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. TeX Live permite a atacantes remotos ejecutar comandos arbitrarios aprovechando la inclusión de mpost en shell_escape_commands en el archivo de configuración texmf.cnf. It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code... • http://www.debian.org/security/2017/dsa-3803 • CWE-20: Improper Input Validation •