Critical severity9.8NVD Advisory· Published May 2, 2017· Updated Jun 17, 2026
CVE-2016-10243
CVE-2016-10243
Description
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
36cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
- osv-coords30 versionspkg:rpm/opensuse/texlive&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-a&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-b&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-c&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-d&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-e&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-f&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-g&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-h&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-i&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-j&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-k&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-l&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-m&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-n&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-o&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-p&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-q&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-r&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-s&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-t&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-u&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-v&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-w&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-x&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-y&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/texlive-specs-z&distro=openSUSE%20Tumbleweedpkg:rpm/suse/texlive-kastrup&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/texlive-koma-script&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/texlive-kpathsea&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 2021.20210325.svn34398-76.3+ 29 more
- (no CPE)range: < 2021.20210325.svn34398-76.3
- (no CPE)range: < 2021.186.3.0_beta3svn33894-47.2
- (no CPE)range: < 2021.186.svn19440-46.2
- (no CPE)range: < 2021.186.svn15878-46.2
- (no CPE)range: < 2021.186.2.1bsvn15878-45.2
- (no CPE)range: < 2021.186.1.5svn55387-46.2
- (no CPE)range: < 2021.186.1.5.7svn58590-46.2
- (no CPE)range: < 2021.186.1.0svn54080-45.2
- (no CPE)range: < 2021.186.1.0svn18115-46.3
- (no CPE)range: < 2021.186.2.0bsvn56782-45.2
- (no CPE)range: < 2021.186.1.6.0svn54732-45.2
- (no CPE)range: < 2021.186.1.0fsvn22255-46.3
- (no CPE)range: < 2021.186.1.2.2svn57773-45.2
- (no CPE)range: < 2021.186.0.0.5.6svn53248-48.2
- (no CPE)range: < 2021.187.svn55643-47.2
- (no CPE)range: < 2021.186.1.5svn15878-45.2
- (no CPE)range: < 2021.186.1.01svn41996-46.2
- (no CPE)range: < 2021.186.0.0.1svn45601-47.3
- (no CPE)range: < 2021.186.0.0.3.1svn55214-44.2
- (no CPE)range: < 2021.186.0.0.3bsvn15878-45.2
- (no CPE)range: < 2021.186.0.0.1svn15878-46.3
- (no CPE)range: < 2021.186.1.2asvn15878-46.2
- (no CPE)range: < 2021.186.0.0.1svn34495-50.3
- (no CPE)range: < 2021.186.1.2svn54512-46.2
- (no CPE)range: < 2021.186.1.3svn40772-45.2
- (no CPE)range: < 2021.186.1.1svn48423-46.2
- (no CPE)range: < 2021.186.17.7svn55862-45.3
- (no CPE)range: < 2013.84.svn15878-21.3.1
- (no CPE)range: < 2013.84.3.11bsvn29774-21.3.1
- (no CPE)range: < 2013.84.svn30218-21.3.1
Patches
Vulnerability mechanics
References
8- www.tug.org/svn/texlivenvdPatchVendor Advisory
- scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/nvdExploitTechnical DescriptionThird Party Advisory
- www.debian.org/security/2017/dsa-3803nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2017/03/05/1nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/96593nvdThird Party AdvisoryVDB Entry
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/nvd
- security.gentoo.org/glsa/201709-07nvd
News mentions
0No linked articles in our index yet.