Search for packages
| purl | pkg:deb/ubuntu/texlive-bin@2009-6build1 |
| Next non-vulnerable version | 2018.20181218.49446-2 |
| Latest non-vulnerable version | 2018.20181218.49446-2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-chrc-qepq-aaag
Aliases: CVE-2012-2120 |
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-ghqb-bf1j-aaaa
Aliases: CVE-2018-17407 |
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-jeet-y58g-aaan
Aliases: CVE-2019-9589 |
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. |
Affected by 0 other vulnerabilities. |
|
VCID-jzqs-cus9-aaan
Aliases: CVE-2015-5700 |
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|