Ctan Mathtex vulnerabilities
9 known vulnerabilities affecting ctan/mathtex.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH5
Vulnerabilities
Page 1 of 1
CVE-2023-51887P2CRITICALCVSS 9.8≤ 1.052024-01-24
CVE-2023-51887 [CRITICAL] CWE-77 CVE-2023-51887: Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arb
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.
nvd
CVE-2023-51889P3CRITICALCVSS 9.8≤ 1.052024-01-24
CVE-2023-51889 [CRITICAL] CWE-787 CVE-2023-51889: Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote
Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.
nvd
CVE-2023-51885P3CRITICALCVSS 9.8≤ 1.052024-01-24
CVE-2023-51885 [CRITICAL] CWE-120 CVE-2023-51885: Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbit
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.
nvd
CVE-2009-1383P3HIGHCVSS 7.5≥ 0, < 1.03-12009-07-14
CVE-2009-1383 [HIGH] CVE-2009-1383: The getdirective function in mathtex
The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.
osv
CVE-2009-2460P3CRITICALCVSS 10.0≥ 0, < 1.03-12009-07-14
CVE-2009-2460 [CRITICAL] CVE-2009-2460: Multiple stack-based buffer overflows in mathtex
Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors.
osv
CVE-2023-51890P3HIGHCVSS 7.5≤ 1.052024-01-24
CVE-2023-51890 [HIGH] CWE-835 CVE-2023-51890: An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CP
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.
nvd
CVE-2023-51886P3HIGHCVSS 7.5≤ 1.052024-01-24
CVE-2023-51886 [HIGH] CWE-120 CVE-2023-51886: Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote atta
Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.
nvd
CVE-2023-51888P3HIGHCVSS 7.5≤ 1.052024-01-24
CVE-2023-51888 [HIGH] CWE-120 CVE-2023-51888: Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote
Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.
nvd
CVE-2009-2461P4HIGHCVSS 7.2≥ 0, < 1.03-12009-07-14
CVE-2009-2461 [HIGH] CVE-2009-2461: mathtex
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
osv