GNU · Texinfo · CVE-2006-4810
**Name of the Vulnerable Software and Affected Versions**
texinfo versions 4.8 and earlier
texinfo version 4.7
texinfo version 4.5
texinfo version 4.0b
**Description**
The texinfo package contains multiple vulnerabilities that can compromise the confidentiality, integrity, and availability of protected information. They can be exploited by a local attacker. A buffer overflow in the `readline` function in `util/texindex.c`, which is used by the `texi2dvi` and `texindex` commands, allows local users to execute arbitrary code via a crafted Texinfo file.
**Recommendations**
For texinfo versions 4.8 and earlier, update to a version later than 4.8 to resolve the issue.
For texinfo version 4.7, consider disabling the vulnerable `readline` function in `util/texindex.c` as a temporary workaround until a patch is available.
For texinfo version 4.5, restrict access to the `texi2dvi` and `texindex` commands to minimize the risk of exploitation.
For texinfo version 4.0b, avoid using the `texinfo` package until the issue is resolved.
For some of the affected versions, no information is currently available about a newer version that contains a fix for this vulnerability, so treat the recommendations above as temporary workarounds.
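
To check a host against the affected range listed above (4.8 and earlier), the following added example, which is not part of the advisory or of texinfo, classifies a version string as affected or later. The function names are hypothetical, and the banner format `texindex (GNU texinfo) 4.8` is an assumption about the first line of `--version` output.

```shell
#!/bin/sh
# Added example: classify a texinfo version against the advisory's
# affected range (4.8 and earlier). Function names are hypothetical.

# Extract the version token from the first line of a --version banner.
# Assumption: the line ends with the version, e.g.
# "texindex (GNU texinfo) 4.8" (constructed sample).
banner_version() {
    printf '%s\n' "$1" | sed -n '1s/.* \([0-9][0-9a-z.]*\)$/\1/p'
}

# Return 0 if VERSION is 4.8 or earlier, 1 if later, 2 if unparsable.
texinfo_affected() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}     # "0b" -> "0", "8.90" -> "8", "13" -> "13"
    suffix=${rest#"$minor"}    # "b", ".90" or empty
    case $major in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -lt 4 ]; then return 0; fi
    if [ "$major" -gt 4 ]; then return 1; fi
    if [ "$minor" -lt 8 ]; then return 0; fi
    if [ "$minor" -gt 8 ]; then return 1; fi
    # Exactly 4.8: a trailing suffix ("4.8.90", "4.8a") is assumed to sort
    # after 4.8, the same way 4.0b sorts after 4.0.
    [ -z "$suffix" ]
}

# Check the locally installed texindex, if there is one.
if command -v texindex >/dev/null 2>&1; then
    v=$(banner_version "$(texindex --version 2>/dev/null)")
    if texinfo_affected "$v"; then
        echo "texinfo $v: within the affected range (4.8 and earlier)"
    else
        echo "texinfo ${v:-unknown}: later than 4.8 or not parsable"
    fi
fi
```

Distribution packages can carry a backported fix without changing the upstream version number, so a match on the version is a prompt to check the package changelog rather than proof that the host is unpatched.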