Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tug tex live - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32700
LuaTeX prior to 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live prior to 2023 r66984 and MiKTeX prior to 23.5.
Luatex Project Luatex
Miktex Miktex
Tug Tex Live
NA
CVE-2023-32668
LuaTeX prior to 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live prior to 2023 r66984 and MiK...
Tug Tex Live
Luatex Project Luatex
Miktex Miktex
6.8
CVSSv2
CVE-2018-17407
An issue exists in t1_check_unusual_charstring functions in writet1.c files in TeX Live prior to 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, ...
Tug Tex Live
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 9.0
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2017-17513
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote malicious users to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, t...
Tug Tex Live
5.6
CVSSv2
CVE-2015-5700
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
Tug Texlive 20100722
Tug Texlive 20120701
Tug Texlive 20110705
Tug Texlive 20140525
Tug Texlive 20130530
7.5
CVSSv2
CVE-2016-10243
TeX Live allows remote malicious users to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 26
Fedoraproject Fedora 25
Tug Tex Live -
7.6
CVSSv2
CVE-2010-2642
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and previous versions, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary co...
Redhat Evince 2.31.92
Redhat Evince 2.31.4.1
Redhat Evince 2.31.6
Redhat Evince 2.31.1
Redhat Evince 2.29.92
Redhat Evince 2.25
Redhat Evince 2.24
Redhat Evince 0.6
Redhat Evince 0.7
Tug Tetex 3.0
T1lib T1lib 5.1.2
Redhat Evince 2.31.4
Redhat Evince 2.30.3
Redhat Evince 2.29
Redhat Evince 2.28
Redhat Evince 2.22
Redhat Evince 2.19
Redhat Evince 0.2
Redhat Evince 0.3
Redhat Evince 2.31.6.1
Redhat Evince 2.31.90
Redhat Evince 2.31
6.8
CVSSv2
CVE-2010-0827
Integer overflow in dvips in TeX Live 2009 and previous versions, and teTeX, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.
Tug Tex Live 1996
Tug Tex Live 1998
Tug Tex Live 2007
Tug Tex Live 2008
Tug Tex Live 2001
Tug Tex Live 2002
Tug Tex Live 1999
Tug Tex Live 2000
Tug Tex Live
Tug Tex Live 2003
Tug Tex Live 2004
Tug Tex Live 2005
Tug Tetex
6.8
CVSSv2
CVE-2010-1440
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and previous versions, and teTeX, allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) pr...
Tug Tex Live 2007
Tug Tetex
Tug Tex Live 2008
Tug Tex Live 2004
Tug Tex Live
Tug Tex Live 2002
Tug Tex Live 1996
Tug Tex Live 2001
Tug Tex Live 1999
Tug Tex Live 2005
Tug Tex Live 1998
Tug Tex Live 2000
Tug Tex Live 2003
6.8
CVSSv2
CVE-2010-0739
Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote malicious users to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtain...
Tug Tetex
Tug Tex Live
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started