25 matches found

Cvelist
added 2025/12/04 12:0 a.m. · 17 views

CVE-2025-54307

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The pluploadfileupload function handles these fil...

EPSS 0.0028
Exploits 0 · References 3
SUSE CVE
added 2024/03/28 4:16 a.m. · 1 views

SUSE CVE-2023-46049

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata function via a crafted pdflatex.fmt file or perhaps a crafted .o file to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the...

CVSS 5.3 · AI score 6.9 · EPSS 0.00191
Exploits 0 · References 3
OSV
added 2024/03/27 6:15 a.m. · 1 views

CVE-2023-46049

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata function via a crafted pdflatex.fmt file or perhaps a crafted .o file to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 4
Positive Technologies
added 2024/03/26 12:0 a.m. · 2 views

PT-2024-13322 · Llvm · Llvm

Name of the Vulnerable Software and Affected Versions: LLVM version 15.0.0 Description: The issue is related to a NULL pointer dereference in the parseOneMetadata function. This can be triggered via a crafted pdflatex.fmt file or possibly a crafted .o file to llvm-lto. However, the relationship...

CVSS 5.3 · AI score 6.9 · EPSS 0.00191
Exploits 0 · References 8
Tenable Nessus
added 2023/09/07 12:0 a.m. · 17 views

Oracle Linux 7 : texlive (ELSA-2020-1036)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1036 advisory. 2:2012-45.20130427r30134 - Related: 1650521, buffer overflow in t1_check_unusual_charstring function 2:2012-44.20130427r30134 - Resolves: 1650521, buffer overflow ...

CVSS 7.8 · AI score 7.6 · EPSS 0.01357
Exploits 0 · References 2
OpenVAS
added 2021/02/22 12:0 a.m. · 19 views

Huawei EulerOS: Security Advisory for texlive (EulerOS-SA-2021-1368)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.6 · EPSS 0.01357
Exploits 0 · References 2
Tenable Nessus
added 2021/02/22 12:0 a.m. · 137 views

EulerOS 2.0 SP2 : texlive (EulerOS-SA-2021-1368)

According to the version of the texlive packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling ...

CVSS 7.8 · AI score 8.3 · EPSS 0.01357
Exploits 0 · References 2
Tenable Nessus
added 2020/12/11 12:0 a.m. · 76 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : texlive Vulnerability (NS-SA-2020-0078)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has texlive packages installed that are affected by a vulnerability: - An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1...

CVSS 7.8 · AI score 8.3 · EPSS 0.01357
Exploits 0 · References 2
Tenable Nessus
added 2020/07/20 12:0 a.m. · 37 views

Amazon Linux 2 : texlive (ALAS-2020-1461)

The version of texlive installed on the remote host is prior to 2012-38.20130427r30134. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1461 advisory. An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A...

CVSS 7.8 · AI score 8.3 · EPSS 0.01357
Exploits 0 · References 3
Tenable Nessus
added 2019/01/02 12:0 a.m. · 27 views

SUSE SLED15 / SLES15 Security Update : texlive (SUSE-SU-2018:3122-1)

This update for texlive fixes the following issue : CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex bsc1109673. Note that Tenable Network...

CVSS 7.8 · AI score 8.2 · EPSS 0.01357
Exploits 0 · References 4
Mageia
added 2018/10/14 12:58 a.m. · 42 views

Updated texlive packages fix security vulnerability

Updated texlive packages fix security vulnerability: A buffer overflow in the handling of Type 1 fonts allowed arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex CVE-2018-17407...

CVSS 7.8 · AI score 2.2 · EPSS 0.01357
Exploits 0 · References 2
Tenable Nessus
added 2018/10/09 12:0 a.m. · 31 views

SUSE SLED12 / SLES12 Security Update : texlive (SUSE-SU-2018:3033-1)

This update for texlive fixes the following issue : CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex bsc1109673 Note that Tenable Network...

CVSS 7.8 · AI score 8.2 · EPSS 0.01357
Exploits 0 · References 4
RedhatCVE
added 2018/09/25 3:23 p.m. · 46 views

CVE-2018-17407

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex...

CVSS 7.8 · AI score 2.3 · EPSS 0.01357
Exploits 0 · References 2
Prion
added 2018/09/23 9:29 p.m. · 15 views

Buffer overflow

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex...

CVSS 6.8 · AI score 7.9 · EPSS 0.01357
Exploits 0 · References 5 · Affected Software 3
OSV
added 2018/09/23 9:29 p.m. · 16 views

CVE-2018-17407

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex...

CVSS 7.8 · AI score 8
Exploits 0 · References 5
CVE
added 2018/09/23 9:0 p.m. · 345 views

CVE-2018-17407

Summary (CVE-2018-17407) : TeX Live before 2018-09-21 contains a buffer overflow in the Type 1 font handling code, specifically in the t1_check_unusual_charstring function within writet1.c. This vulnerability can allow arbitrary code execution if a malicious font is loaded by vulnerable tools (pd...

CVSS 7.8 · AI score 7.8 · EPSS 0.01357
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2018/09/23 9:0 p.m. · 38 views

CVE-2018-17407

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex...

CVSS 7.8 · AI score 8.3 · EPSS 0.01357
Exploits 0
Tenable Nessus
added 2012/08/24 12:0 a.m. · 38 views

CentOS 5 : tetex (CESA-2012:1201)

Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 7.6 · AI score 7.3 · EPSS 0.31187
Exploits 0 · References 9
Tenable Nessus
added 2012/08/01 12:0 a.m. · 37 views

Scientific Linux Security Update : tetex on SL3.x i386/x86_64

A buffer overflow flaw was found in the way teTeX processed virtual font files when converting DVI files into PostScript. An attacker could create a malicious DVI file that would cause the dvips executable to crash or, potentially, execute arbitrary code. CVE-2010-0827 Multiple integer overflow...

CVSS 6.8 · AI score 6.1 · EPSS 0.077
Exploits 5 · References 7
UbuntuCve
added 2009/04/23 12:0 a.m. · 29 views

CVE-2009-0799

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers an out-of-bounds read...

CVSS 4.3 · AI score 5.9 · EPSS 0.00968
Exploits 1 · References 3