Debian Texlive-Base vulnerabilities

4 known vulnerabilities affecting debian/texlive-base.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1, LOW 2

Vulnerabilities

CVE-2017-17513 | LOW | CVSS 8.8 | 2017
CVE-2017-17513 [HIGH] context: TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os
debian
CVE-2016-10243 | CRITICAL | CVSS 9.8 | fixed in texlive-base 2016.20161130-1 (bookworm) | 2016
CVE-2016-10243 [CRITICAL] texlive-base: TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. Scope: local. bookworm: resolved (fixed in 2016.20161130-1); bullseye: resolved (fixed in 2016.20161130-1); forky: resolved (fixed in 2016.20161130-1); sid: resolved (fixed in 2016.20161130-1); trixie: resolved (f
debian
CVE-2015-0296 | LOW | CVSS 4.7 | 2015
CVE-2015-0296 [MEDIUM] texlive-base: The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2008-1693 | MEDIUM | CVSS 6.8 | fixed in poppler 0.6.4-1 (bookworm) | 2008
CVE-2008-1693 [MEDIUM] poppler: The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this
debian