8 matches found
CVE-2023-32700
CVE-2023-32700 affects LuaTeX up to 1.17.0, where luatex-core.lua allows access to the original io.popen, enabling arbitrary shell command execution when compiling TeX from untrusted sources. Impact commonly quoted: TeX Live before 2023 r66984 and MiKTeX before 23.5 are affected. Affected TeX Liv...
CVE-2018-17407
Summary (CVE-2018-17407) : TeX Live before 2018-09-21 contains a buffer overflow in the Type 1 font handling code, specifically in the t1_check_unusual_charstring function within writet1.c. This vulnerability can allow arbitrary code execution if a malicious font is loaded by vulnerable tools (pd...
CVE-2016-10243
CVE-2016-10243 affects TeX Live: the mpost component can be invoked via shell_escape_commands in texmf.cnf, enabling remote command execution. The vulnerability arises from including mpost in shell_escape_commands, allowing a remote attacker to run arbitrary commands when TeX Live processes craft...
CVE-2023-32668
The CVE-2023-32668 issue affects LuaTeX and TeX Live components: LuaTeX prior to 1.17.0 (with default socket library access) allows a document to initiate arbitrary network requests, with TeX Live before 2023 r66984 and MiKTeX before 23.5 also affected. Underlying cause is default full access to ...
CVE-2010-0739
CVE-2010-0739 affects TeX Live and teTeX dvips parsing of DVI files. Root cause: integer/heap-based overflow in predospecial() of dospecial.c, triggered by a crafted DVI file, enabling user-assisted remote code execution. Connected advisories indicate TeX Live/teTeX components are vulnerable; pat...
CVE-2010-0827
CVE-2010-0827: In TeX Live 2009 and earlier, and in teTeX, an integer overflow in dvips when processing virtual font (VF) files associated with DVI can crash the application or potentially allow arbitrary code execution. Affected: TeX Live 2009 and earlier / teTeX. Impact: denial of service or po...
CVE-2010-1440
CVE-2010-1440 affects dvips in TeX Live 2009 and earlier and teTeX. The issue is multiple integer overflows in dvipsk/dospecial.c that can be triggered by a crafted DVI file via predospecial and bbdospecial, potentially causing a denial of service or arbitrary code execution. Praises of impact ar...
CVE-2017-17513
TeX Live