DSA-1917 mimetex -- several vulnerabilitiesID: oval:org.mitre.oval:def:8178 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute arbitrary code via a TeX file with long picture, circle, input tags. Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. A remote attacker can obtain sensitive information.