CVE-2009-2461
published 2009-07-14CVE-2009-2461: mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
PriorityP421high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
0.36%
28.3th percentile
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ctan | mathtex | >= 0 < 1.03-1 | 1.03-1 |
| ctan | mathtex | >= 0 < 1.03-1 | 1.03-1 |
| debian | mathtex | < mathtex 1.03-1 (bookworm) | mathtex 1.03-1 (bookworm) |
| forkosh | mathtex | <= 1.02 | — |
| forkosh | mathtex | — | — |
| forkosh | mathtex | — | — |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2009-2461: mathtex - mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely creat...
vendor_debian·2009·CVSS 7.2
CVE-2009-2461 [HIGH] CVE-2009-2461: mathtex - mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely creat...
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
Scope: local
bookworm: resolved (fixed in 1.03-1)
bullseye: resolved (fixed in 1.03-1)
GHSA
GHSA-r968-27hg-qg35: mathtex
ghsa_unreviewed·2022-05-02
CVE-2009-2461 [HIGH] GHSA-r968-27hg-qg35: mathtex
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
OSV
CVE-2009-2461: mathtex
osv·2009-07-14·CVSS 7.2
CVE-2009-2461 [HIGH] CVE-2009-2461: mathtex
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578http://secunia.com/advisories/35816http://www.ocert.org/advisories/ocert-2009-010.htmlhttp://www.securityfocus.com/archive/1/504919/100/0/threadedhttp://www.vupen.com/english/advisories/2009/1875https://exchange.xforce.ibmcloud.com/vulnerabilities/51797http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578http://secunia.com/advisories/35816http://www.ocert.org/advisories/ocert-2009-010.htmlhttp://www.securityfocus.com/archive/1/504919/100/0/threadedhttp://www.vupen.com/english/advisories/2009/1875https://exchange.xforce.ibmcloud.com/vulnerabilities/51797
2009-07-14
Published