CVE-2019-18604: Improper Input Validation in Project Axohelp.c

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.2% (top 58.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 29
Latest update: Mar 14

Description

In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

debian: debian/texlive-bin < texlive-bin 2020.20200327.54578-2 (bookworm)

Patches

🔴 Vulnerability Details (3)

OSV: texlive-bin vulnerabilities (2024-03-14)
GHSA: GHSA-hfg3-f7fm-c9xc: In axohelp (2022-05-24)
OSV: CVE-2019-18604: In axohelp (2019-10-29)

📋 Vendor Advisories (2)

Ubuntu: TeX Live vulnerabilities (2024-03-14)
Debian: CVE-2019-18604: texlive-bin - In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in ... (2019)