PT-2016-3854 · Latex2Rtf · Latex2Rtf
Whennings
·
Published
2015-11-19
·
Updated
2016-05-18
·
CVE-2015-8106
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
latex2rtf versions prior to 2.3.10
Description
The issue is related to a format string vulnerability in the CmdKeywords function. This vulnerability allows remote attackers to execute arbitrary code via format string specifiers in the keywords command in a crafted TeX file.
Recommendations
For versions prior to 2.3.10, update to version 2.3.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of the keywords command in TeX files until the update is applied.
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Latex2Rtf