CVE-2024-25262
Published: 2024-02-29
CVE-2024-25262: texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump
Priority: P336 · high · 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
EPSS: 0.90% (55.2nd percentile)
texlive-bin commit c515e was discovered to contain a heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) by supplying a crafted TTF file.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | texlive-bin | < texlive-bin 2022.20220321.62855-5.1+deb12u2 (bookworm) | texlive-bin 2022.20220321.62855-5.1+deb12u2 (bookworm) |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvdv3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
| osv | 9.8 | CRITICAL | |
| vendor_ubuntu | 9.8 | CRITICAL | |
| vendor_debian | 8.1 | HIGH | |
OSV: CVE-2022-24106 [HIGH] texlive-bin vulnerabilities (osv · 2026-01-29 · CVSS 7.8)
Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly
handled memory when decoding certain data streams. An attacker could
possibly use this issue to cause TeX Live to crash, resulting in a denial
of service, or execute arbitrary code. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24106, CVE-2022-24107)
It was discovered that TeX Live allowed documents to make arbitrary network
requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2023-32668)
It was discovered that TeX Live in
OSV: CVE-2019-18604 [CRITICAL] texlive-bin vulnerabilities (osv · 2024-03-14 · CVSS 9.8)
It was discovered that TeX Live incorrectly handled certain memory
operations in the embedded axodraw2 tool. An attacker could possibly use
this issue to cause TeX Live to crash, resulting in a denial of service.
This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)
It was discovered that TeX Live allowed documents to make arbitrary
network requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-32668)
It was discovered that TeX Live incorrectly handled certain TrueType fonts.
If a user or automated system were tric
OSV: CVE-2024-25262 [HIGH] texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump (osv · 2024-02-29 · CVSS 8.1)
GHSA: GHSA-79qr-9mf7-fr3g · CVE-2024-25262 [HIGH] · CWE-122 · texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump (ghsa_unreviewed · 2024-02-29)
Ubuntu: CVE-2022-24107 [HIGH] TeX Live vulnerabilities (vendor_ubuntu · 2026-01-29 · CVSS 7.8)
Summary: Several security issues were fixed in TeX Live.
Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly
handled memory when decoding certain data streams. An attacker could
possibly use this issue to cause TeX Live to crash, resulting in a denial
of service, or execute arbitrary code. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24106, CVE-2022-24107)
It was discovered that TeX Live allowed documents to make arbitrary network
requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 1
Ubuntu: CVE-2024-25262 [CRITICAL] TeX Live vulnerabilities (vendor_ubuntu · 2024-03-14 · CVSS 9.8)
Summary: Several security issues were fixed in TeX Live.
It was discovered that TeX Live incorrectly handled certain memory
operations in the embedded axodraw2 tool. An attacker could possibly use
this issue to cause TeX Live to crash, resulting in a denial of service.
This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)
It was discovered that TeX Live allowed documents to make arbitrary
network requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-32668)
It was discovered that TeX Live incorrectly handled c
Debian: CVE-2024-25262 [HIGH] texlive-bin - texlive-bin commit c515e was discovered to contain heap buffer overflow via the ... (vendor_debian · 2024 · CVSS 8.1)
Scope: local
bookworm: resolved (fixed in 2022.20220321.62855-5.1+deb12u2)
bullseye: resolved (fixed in 2020.20200327.54578-7+deb11u2)
forky: resolved (fixed in 2023.20230311.66589-9)
sid: resolved (fixed in 2023.20230311.66589-9)
trixie: resolved (fixed in 2023.20230311.66589-9)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912
https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co
https://lists.debian.org/debian-lts-announce/2024/10/msg00032.html