Lucene search
+L
TugTex Live

8 matches found

CVE
CVE
added 2023/05/20 12:0 a.m.356 views

CVE-2023-32700

CVE-2023-32700 affects LuaTeX up to 1.17.0, where luatex-core.lua allows access to the original io.popen, enabling arbitrary shell command execution when compiling TeX from untrusted sources. Impact commonly quoted: TeX Live before 2023 r66984 and MiKTeX before 23.5 are affected. Affected TeX Liv...

8.8CVSS7.7AI score0.00804EPSS
CVE
CVE
added 2018/09/23 9:0 p.m.352 views

CVE-2018-17407

Summary (CVE-2018-17407) : TeX Live before 2018-09-21 contains a buffer overflow in the Type 1 font handling code, specifically in the t1_check_unusual_charstring function within writet1.c. This vulnerability can allow arbitrary code execution if a malicious font is loaded by vulnerable tools (pd...

7.8CVSS7.8AI score0.02058EPSS
CVE
CVE
added 2017/05/02 2:0 p.m.94 views

CVE-2016-10243

CVE-2016-10243 affects TeX Live: the mpost component can be invoked via shell_escape_commands in texmf.cnf, enabling remote command execution. The vulnerability arises from including mpost in shell_escape_commands, allowing a remote attacker to run arbitrary commands when TeX Live processes craft...

9.8CVSS9.6AI score0.07146EPSS
CVE
CVE
added 2023/05/11 12:0 a.m.84 views

CVE-2023-32668

The CVE-2023-32668 issue affects LuaTeX and TeX Live components: LuaTeX prior to 1.17.0 (with default socket library access) allows a document to initiate arbitrary network requests, with TeX Live before 2023 r66984 and MiKTeX before 23.5 also affected. Underlying cause is default full access to ...

5.5CVSS5.7AI score0.0037EPSS
CVE
CVE
added 2010/04/16 6:0 p.m.77 views

CVE-2010-0739

CVE-2010-0739 affects TeX Live and teTeX dvips parsing of DVI files. Root cause: integer/heap-based overflow in predospecial() of dospecial.c, triggered by a crafted DVI file, enabling user-assisted remote code execution. Connected advisories indicate TeX Live/teTeX components are vulnerable; pat...

6.8CVSS7.7AI score0.04918EPSS
CVE
CVE
added 2010/05/07 5:43 p.m.73 views

CVE-2010-0827

CVE-2010-0827: In TeX Live 2009 and earlier, and in teTeX, an integer overflow in dvips when processing virtual font (VF) files associated with DVI can crash the application or potentially allow arbitrary code execution. Affected: TeX Live 2009 and earlier / teTeX. Impact: denial of service or po...

6.8CVSS7.8AI score0.04439EPSS
CVE
CVE
added 2010/05/07 5:43 p.m.72 views

CVE-2010-1440

CVE-2010-1440 affects dvips in TeX Live 2009 and earlier and teTeX. The issue is multiple integer overflows in dvipsk/dospecial.c that can be triggered by a crafted DVI file via predospecial and bbdospecial, potentially causing a denial of service or arbitrary code execution. Praises of impact ar...

6.8CVSS7.8AI score0.0343EPSS
CVE
CVE
added 2017/12/14 4:0 p.m.56 views

CVE-2017-17513

TeX Live

8.8CVSS8.5AI score0.01281EPSS