VYPR

mathTeX

by MathTeX

CVEs (8)

  • CVE-2023-51889CriJan 24, 2024
    risk 0.64cvss 9.8epss 0.01

    Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.

  • CVE-2023-51887CriJan 24, 2024
    risk 0.64cvss 9.8epss 0.02

    Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.

  • CVE-2023-51885CriJan 24, 2024
    risk 0.64cvss 9.8epss 0.01

    Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.

  • CVE-2023-51890HigJan 24, 2024
    risk 0.49cvss 7.5epss 0.01

    An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.

  • CVE-2023-51888HigJan 24, 2024
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.

  • CVE-2023-51886HigJan 24, 2024
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.

  • CVE-2009-2461Jul 14, 2009
    risk 0.00cvss epss 0.00

    mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.

  • CVE-2009-1383Jul 14, 2009
    risk 0.00cvss epss 0.02

    The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.