MathTeX
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-51889 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2024 | Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. | ||
| CVE-2023-51887 | Cri | 0.64 | 9.8 | 0.02 | Jan 24, 2024 | Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | ||
| CVE-2023-51885 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2024 | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | ||
| CVE-2023-51890 | Hig | 0.49 | 7.5 | 0.01 | Jan 24, 2024 | An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL. | ||
| CVE-2023-51888 | Hig | 0.49 | 7.5 | 0.01 | Jan 24, 2024 | Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. | ||
| CVE-2023-51886 | Hig | 0.49 | 7.5 | 0.01 | Jan 24, 2024 | Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. | ||
| CVE-2009-2461 | 0.00 | — | 0.00 | Jul 14, 2009 | mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors. | |||
| CVE-2009-1383 | 0.00 | — | 0.02 | Jul 14, 2009 | The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag. |
- risk 0.64cvss 9.8epss 0.01
Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.
- risk 0.64cvss 9.8epss 0.02
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.
- risk 0.64cvss 9.8epss 0.01
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.
- risk 0.49cvss 7.5epss 0.01
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.
- CVE-2009-2461Jul 14, 2009risk 0.00cvss —epss 0.00
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
- CVE-2009-1383Jul 14, 2009risk 0.00cvss —epss 0.02
The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.