TeX-Live/texlive-source

Releases: 85
Frequency: 1 month 4 days
Last Release
Stars: 344
source part of the TeX Live subversion repository - for issues please contact the tex-k mailing list at tug.org

CVE History

CVE | Published | CVSS v3 | CVSS v2
7.8 HIGH

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

9.8 CRITICAL | 7.5 HIGH

In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.

6.8 MEDIUM

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.