CVE-2023-46048

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Tex Live version 944e257

Description The issue is related to a NULL pointer dereference in the writet1.c file located in texk/web2c/pdftexdir. This occurs when handling a crafted cmr10.pfb file. It is noted that the categorization of this issue is disputed, with some considering it a usability problem rather than a security vulnerability.

Recommendations For Tex Live version 944e257, as a temporary workaround, consider restricting the use of the writet1.c function until a patch is available. Additionally, avoid using crafted files such as cmr10.pfb to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2023-46048

OESA-2024-1997

OESA-2024-1998

OESA-2024-1999

OESA-2024-2000

OESA-2024-2001

OPENSUSE-SU-2024_1310-1

SUSE-SU-2024:1296-1

SUSE-SU-2024:1310-1

SUSE-SU-2024_1296-1

SUSE-SU-2024_1310-1

Affected Products

Debian

Suse

Tex Live

CVE-2023-46048

Weakness Enumeration

Related Identifiers

Affected Products

References · 33