CVE-2024-29073
published 2024-07-22
Priority: P344 · medium · CVSS 3.1 base score 6.5
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 11.51% (95.5th percentile)
A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which is installed by default in many LaTeX distributions, was overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ankitects | anki | — | — |
| ankitects | anki | >= 0 < 24.6 | 24.6 |
| ankiweb | anki | — | — |
| debian | anki | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| ghsa | — | 6.5 | MEDIUM | — |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
GHSA
Anki: User scripts in iframes have access to the internal Anki API
ghsa · 2026-06-19 · CVSS 6.5 · CVE-2024-29073 [MEDIUM] · CWE-22
## Summary
Anki's webview-based pages communicate with the Rust backend using an internal localhost API. Anki implements measures to prevent user scripts run in the reviewer/editor from accessing this API (https://github.com/ankitects/anki/pull/3925) but it inadvertently allows access to scripts included via iframes in the editor. While overall only a limited set of API methods are exposed, some such as `getImageForOcclusion` can read arbitrary files.
**CWE:** CWE-22 (Path Traversal)
**Reporter:** Bankde (Eakasit)
## Affected Products
| Ecosystem | Package | Affected Versions |
| --------- | ------- | ----------------- |
| PyPI | `aqt` | `` tags before importing.
- Block unexpected outbound network requests from the An
OSV
Anki Latex Incomplete Blocklist Vulnerability
osv · 2024-07-22 · CVE-2024-29073 [MEDIUM]
OSV
CVE-2024-29073: A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04
osv · 2024-07-22 · CVSS 6.5 · CVE-2024-29073 [MEDIUM]
GHSA
Anki Latex Incomplete Blocklist Vulnerability
ghsa · 2024-07-22 · CVE-2024-29073 [MEDIUM] · CWE-829
Debian
CVE-2024-29073: anki - A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When L...
vendor_debian · 2024 · CVSS 5.3 · CVE-2024-29073 [MEDIUM]
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
Talos
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
blogs_talos · 2024-07-31 · CVSS 7.8 · [HIGH]
Cisco Talos’ Vulnerability Research team has helped to disclose and patch six new vulnerabilities over the past three weeks, including one in a driver that powers certain NVIDIA graphics cards.
The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. The most serious of these issues has a CVSS score of 9.6 out of 10.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted
Checkpoint
29th July – Threat Intelligence Report
blogs_checkpoint · 2024-07-29 · CVE-2024-32484
## 29th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse locations due to the attack for a few days. No ransomware group has publicly claimed responsibility for the attack.
American cybersecurity firm Kn
Published: 2024-07-22