PT-2024-22699 · Ankitects+1 · Anki+1
Autumn Bee
Published: 2024-07-22 · Updated: 2024-10-07
CVE-2024-29073
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Ankitects Anki version 24.04
Description
A vulnerability exists in the handling of LaTeX: the sanitization that is meant to prevent unsafe commands overlooks the verbatim package. This can lead to an arbitrary file read when an attacker shares a specially crafted flashcard.
Recommendations
For Ankitects Anki version 24.04, consider disabling the use of LaTeX or restricting the sharing of flashcards until a patch is available. As a temporary workaround, avoid using the verbatim package in LaTeX distributions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Anki
Debian