PT-2019-6358 · Tex Live+3 · Axohelp+4

Publicado

2019-09-07

Atualizado

2024-06-15

CVE-2019-18604

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions axodraw2 versions prior to 2.1.1b axohelp version prior to 1.3

Description The issue is related to insufficient input validation in the axodraw2 component of the TeX Live system. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The problem is caused by mishandling of sprintf in axohelp.c.

Recommendations For axodraw2 versions prior to 2.1.1b, update to version 2.1.1b or later to resolve the issue. For axohelp version prior to 1.3, update to version 1.3 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2023-03811

CVE-2019-18604

DLA-3427-2

OPENSUSE-SU-2024:11431-1

USN-6695-1

Produtos afetados

Astra Linux

Linuxmint

Ubuntu

Axodraw2

Axohelp

PT-2019-6358 · Tex Live+3 · Axohelp+4

CVE-2019-18604

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23