Search CVE reports
11 – 20 of 185 results
CVE-2023-32700
Medium priority
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live...
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | — | Fixed | Fixed | Fixed | Not affected |
CVE-2023-32668
Medium priority
Some fixes available: 2 of 6
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This...
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2022-43680
Medium priority
Some fixes available: 10 of 94
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | — | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | — | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Ignored | Ignored | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | — | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | — | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
vnc4 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | — | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-35059
Negligible priority
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35058
Negligible priority
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35056
Negligible priority
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35055
Negligible priority
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35054
Negligible priority
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35053
Negligible priority
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-35052
Negligible priority
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |