tex live vulnerabilities and exploits
6.8
CVSSv2
CVE-2010-1440
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and previous versions, and teTeX, allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) pr...
Tug Tex Live 2007
Tug Tetex
Tug Tex Live 2008
Tug Tex Live 2004
Tug Tex Live
Tug Tex Live 2002
Tug Tex Live 1996
Tug Tex Live 2001
Tug Tex Live 1999
Tug Tex Live 2005
Tug Tex Live 1998
Tug Tex Live 2000
Tug Tex Live 2003
6.8
CVSSv2
CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and previous versions, and teTeX, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Tug Tex Live 1996
Tug Tex Live 1998
Tug Tex Live 2007
Tug Tex Live 2008
Tug Tex Live 2001
Tug Tex Live 2002
Tug Tex Live 1999
Tug Tex Live 2000
Tug Tex Live
Tug Tex Live 2003
Tug Tex Live 2004
Tug Tex Live 2005
Tug Tetex
6.8
CVSSv2
CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote malicious users to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, t...
Tug Tex Live
6.8
CVSSv2
CVE-2010-0739
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote malicious users to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtain...
Tug Tetex
Tug Tex Live
NA
CVE-2023-32668
LuaTeX prior to 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live prior to 2023 r66984 and MiK...
Tug Tex Live
Luatex Project Luatex
Miktex Miktex
NA
CVE-2023-32700
LuaTeX prior to 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live prior to 2023 r66984 and MiKTeX prior to 23.5.
Luatex Project Luatex
Miktex Miktex
Tug Tex Live
7.5
CVSSv2
CVE-2016-10243
TeX Live allows remote malicious users to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 26
Fedoraproject Fedora 25
Tug Tex Live -
6.8
CVSSv2
CVE-2018-17407
An issue exists in t1_check_unusual_charstring functions in writet1.c files in TeX Live prior to 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, ...
Tug Tex Live
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 9.0
Debian Debian Linux 8.0
NA
CVE-2023-46051
TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.
NA
CVE-2023-46048
TeX Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.