PT-2019-6358 · Tex Live+3 · Axohelp+4

Published

2019-09-07

Updated

2024-06-15

CVE-2019-18604

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions axodraw2 versions prior to 2.1.1b axohelp version prior to 1.3

Description The issue is related to insufficient input validation in the axodraw2 component of the TeX Live system. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The problem is caused by mishandling of sprintf in axohelp.c.

Recommendations For axodraw2 versions prior to 2.1.1b, update to version 2.1.1b or later to resolve the issue. For axohelp version prior to 1.3, update to version 1.3 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2023-03811

CVE-2019-18604

DLA-3427-2

OPENSUSE-SU-2024:11431-1

USN-6695-1

Affected Products

Astra Linux

Linuxmint

Ubuntu

Axodraw2

Axohelp

PT-2019-6358 · Tex Live+3 · Axohelp+4

CVE-2019-18604

Weakness Enumeration

Related Identifiers

Affected Products

References · 23