The vulnerability of the io.popen() function in the luatex-core.lua component of LuaTeX desktop publishing systems, such as TeX Live and MiKTeX, allows a malicious actor to execute arbitrary commands.

The vulnerability of the io.popen function in the luatex-core.lua component of LuaTeX desktop publishing systems such as TeX Live and MiKTeX is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

DEBIAN-CVE-2023-32700

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...