CVE-2024-32152
Published 2024-07-22
Priority P4 · 32 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 12.11% (95.6th percentile)
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ankitects | anki | — | — |
| ankitects | anki | >= 0 < 24.6 | 24.6 |
| debian | anki | — | — |
CVSS provenance
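| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 3.1 | LOW | — |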
OSV
Ankitects Anki LaTeX Blocklist Bypass vulnerability
osv·2024-07-22
CVE-2024-32152 [LOW] Ankitects Anki LaTeX Blocklist Bypass vulnerability
OSV
CVE-2024-32152: A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24
osv·2024-07-22·CVSS 4.3
CVE-2024-32152 [MEDIUM] CVE-2024-32152: A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24
GHSA
Ankitects Anki LaTeX Blocklist Bypass vulnerability
ghsa·2024-07-22
CVE-2024-32152 [LOW] CWE-184 Ankitects Anki LaTeX Blocklist Bypass vulnerability
Debian
CVE-2024-32152: anki - A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects ...
vendor_debian·2024·CVSS 3.1
CVE-2024-32152 [LOW] CVE-2024-32152: anki - A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects ...
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
Talos
Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
blogs_talos·2024-07-31·CVSS 7.8
[HIGH] Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues
Cisco Talos’ Vulnerability Research team has helped to disclose and patch six new vulnerabilities over the past three weeks, including one in a driver that powers certain NVIDIA graphics cards.
The majority of the vulnerabilities that Talos disclosed during this period exist in Ankitects Anki, an open-source program that allows users to study information using flashcards. The most serious of these issues has a CVSS score of 9.6 out of 10.
All the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted
Checkpoint
29th July – Threat Intelligence Report
blogs_checkpoint·2024-07-29
CVE-2024-32484 29th July – Threat Intelligence Report
## 29th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse locations due to the attack for a few days. No ransomware group has publicly claimed responsibility for the attack.
American cybersecurity firm Kn