Debian Texlive-Bin vulnerabilities

114 known vulnerabilities affecting debian/texlive-bin.

Total CVEs: 114
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 6, LOW 101

Vulnerabilities

Page 1 of 6
CVE-2024-25262 | HIGH | CVSS 8.1 | fixed in texlive-bin 2022.20220321.62855-5.1+deb12u2 (bookworm) | 2024
[HIGH] texlive-bin - texlive-bin commit c515e was discovered to contain a heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file. Scope: local. bookworm: resolved (fixed in 2022.20220321.62855-5.1+deb12u2); bullseye: resolved (fixed in 2020.20200327.54578-7+deb11u2); forky: resolve
debian
CVE-2023-32700 | HIGH | CVSS 7.8 | fixed in texlive-bin 2022.20220321.62855-5.1 (bookworm) | 2023
[HIGH] texlive-bin - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Scope: local. bookworm: resolved (fixed in 2022.20220321.62855-5.1); bullseye: resolved (fixe
debian
CVE-2023-32668 | MEDIUM | CVSS 5.5 | fixed in texlive-bin 2022.20220321.62855-5.1+deb12u1 (bookworm) | 2023
[MEDIUM] texlive-bin - LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Scope: local. bookworm: resolved (fixed in 2022.20220321.62855-5.1+deb
debian
CVE-2023-46048 | LOW | CVSS 6.2 | 2023
[MEDIUM] texlive-bin - TeX Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2023-46051 | LOW | CVSS 3.3 | 2023
[LOW] texlive-bin - TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem. Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2022-35068 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35448 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35041 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35449 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35447 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b04de. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35054 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35485 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35061 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35063 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35056 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35484 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35059 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35477 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35049 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2022-35034 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d. Scope: local. bookworm: open; bullseye: resolved; forky: open; sid: open; trixie: open
debian