VYPR
Unrated severityNVD Advisory· Published May 20, 2023· Updated Jan 31, 2025

CVE-2023-32700

CVE-2023-32700

Description

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

402

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.