VYPR

TeX Live

by TeXLive

CVEs (4)

  • CVE-2023-32700HigMay 20, 2023
    risk 0.51cvss 7.8epss 0.01

    LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

  • CVE-2023-46048MedMar 27, 2024
    risk 0.40cvss 6.2epss 0.00

    Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.

  • CVE-2023-32668MedMay 11, 2023
    risk 0.36cvss 5.5epss 0.00

    LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX…

  • CVE-2023-46051LowMar 27, 2024
    risk 0.21cvss 3.3epss 0.00

    TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.