CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25262 – Ubuntu Security Notice USN-6695-1
https://notcve.org/view.php?id=CVE-2024-25262
20 Feb 2024 — texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file. Se descubrió que texlive-bin commit c515e contenía un desbordamiento de búfer de almacenamiento dinámico mediante la función ttfLoadHDMX:ttfdump. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) proporcionando un archivo TTF manipulado. It was discovered that ... • https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2023-46048 – tex-live 944e257 Null Pointer
https://notcve.org/view.php?id=CVE-2023-46048
29 Jan 2024 — Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. Tex Live 944e257 tiene una desreferencia de puntero NULL en texk/web2c/pdftexdir/writet1.c. NOTA: esto está en disputa porque debería categorizarse como un problema de usabilidad. tex-live version 944e257 suffers from a null pointer vulnerability. • http://seclists.org/fulldisclosure/2024/Jan/65 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2023-32700 – texlive: arbitrary code execution allows document complied with older version
https://notcve.org/view.php?id=CVE-2023-32700
20 May 2023 — LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. An arbitrary code execution vulnerability was found in LuaTeX (TeX Live) that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled. Max Chernoff discovered that imp... • https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-32668 – Ubuntu Security Notice USN-6695-1
https://notcve.org/view.php?id=CVE-2023-32668
11 May 2023 — LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. • https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-17407 – texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
https://notcve.org/view.php?id=CVE-2018-17407
23 Sep 2018 — An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Se ha descubierto un problema en las funciones t1_check_unusual_charstring en los archivos writet1.c en TeX Live en versiones anteriores al 21/09/2018. Un desbordamiento de búfer en el manejo de fuentes Type 1 permi... • https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17513
https://notcve.org/view.php?id=CVE-2017-17513
14 Dec 2017 — TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. TeX Live hasta la versión 20170524 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto po... • https://security-tracker.debian.org/tracker/CVE-2017-17513 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2016-10243 – Gentoo Linux Security Advisory 201709-07
https://notcve.org/view.php?id=CVE-2016-10243
02 May 2017 — TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. TeX Live permite a atacantes remotos ejecutar comandos arbitrarios aprovechando la inclusión de mpost en shell_escape_commands en el archivo de configuración texmf.cnf. It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code... • http://www.debian.org/security/2017/dsa-3803 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 13EXPL: 0CVE-2010-1440 – texlive: Integer overflow by processing special commands
https://notcve.org/view.php?id=CVE-2010-1440
07 May 2010 — Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739. Múltiples desbordamientos de enteros en dvipsk/dospecial.c en dvips en TeX Live 2009 y anteriores y teTeX, permite a atacantes remotos causar una denegación de ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 5%CPEs: 13EXPL: 0CVE-2010-0827 – texlive: Buffer overflow flaw by processing virtual font files
https://notcve.org/view.php?id=CVE-2010-0827
07 May 2010 — Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. Desbordamiento de entero en dvips en TeX Live 2009 y anteriores, y teTeX, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de una fuente virtual manipulada, asociada a un fichero D... • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 8%CPEs: 2EXPL: 0CVE-2010-0739 – texlive: Integer overflow by processing special commands
https://notcve.org/view.php?id=CVE-2010-0739
16 Apr 2010 — Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Desbordamiento de enteros en la función predospecial en dospecial.c en dvips en (1) TeX Live y (2) teTeX puede permitir a atacantes asistidos por usuarios ejecutar código a través de un fichero DVI manipul... • http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git%3Ba=blob%3Bf=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •