Download
| Alert*
oval:org.secpod.oval:def:2001159
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. oval:org.secpod.oval:def:602802 It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code . Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for a ... oval:org.secpod.oval:def:51883 texlive-base: TeX Live: Essential programs and files TeX Live could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:112210 The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font librari ... oval:org.secpod.oval:def:703777 texlive-base: TeX Live: Essential programs and files TeX Live could be made to run programs as your login if it opened a specially crafted file. |