Debian Texlive-Bin vulnerabilities
114 known vulnerabilities affecting debian/texlive-bin.
Total CVEs: 114
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 6, LOW 101
Vulnerabilities
CVE-2022-35468 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e420d.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35039 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35479 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35045 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35455 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0d63.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35067 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-33047 | LOW | CVSS 9.8 | 2022
[CRITICAL] texlive-bin
OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35465 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0414.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35066 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35062 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35458 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2022-35027 | LOW | CVSS 6.5 | 2022
[MEDIUM] texlive-bin
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.
Scope: local
bookworm: open
bullseye: resolved
forky: open
sid: open
trixie: open
debian
CVE-2021-27548 | LOW | CVSS 5.5 | fixed in texlive-bin 2022.20220321.62855-3 (bookworm) | 2021
[MEDIUM] texlive-bin
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
Scope: local
bookworm: resolved (fixed in 2022.20220321.62855-3)
bullseye: resolved
forky: resolved (fixed in 2022.20220321.62855-3)
sid: resolved (fixed in 2022.20220321.62855-3)
trixie: resolved (fixed in 2022.20220321.62855-3)
debian
CVE-2019-18604 | CRITICAL | CVSS 9.8 | fixed in texlive-bin 2020.20200327.54578-2 (bookworm) | 2019
[CRITICAL] texlive-bin
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
Scope: local
bookworm: resolved (fixed in 2020.20200327.54578-2)
bullseye: resolved (fixed in 2020.20200327.54578-2)
forky: resolved (fixed in 2020.20200327.54578-2)
sid: resolved (fixed in 2020.20200327.54578-2)
trixie: resol
debian
CVE-2019-19601 | LOW | CVSS 7.8 | 2019
[HIGH] texlive-bin
OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2018-17407 | HIGH | CVSS 7.8 | fixed in texlive-bin 2018.20180907.48586-2 (bookworm) | 2018
[HIGH] texlive-bin
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Scope: local
bookworm: resolved (fixed in 2018.20180907.48586-2)
bu
debian
CVE-2017-17513 | LOW | CVSS 8.8 | 2017
[HIGH] context
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os
debian
CVE-2016-10243 | CRITICAL | CVSS 9.8 | fixed in texlive-base 2016.20161130-1 (bookworm) | 2016
[CRITICAL] texlive-base
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Scope: local
bookworm: resolved (fixed in 2016.20161130-1)
bullseye: resolved (fixed in 2016.20161130-1)
forky: resolved (fixed in 2016.20161130-1)
sid: resolved (fixed in 2016.20161130-1)
trixie: resolved (f
debian
CVE-2015-0973 | HIGH | CVSS 8.8 | fixed in libpng1.6 1.6.16-1 (bookworm) | 2015
[HIGH] libpng1.6
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
Scope: local
bookworm: resolved (fixed in 1.6.16-1)
bullseye: resolved (fixed in 1.6.16-1)
forky: resolved (fixed
debian
CVE-2015-5700 | MEDIUM | CVSS 6.1 | fixed in texlive-bin 2014.20140926.35254-5 (bookworm) | 2015
[MEDIUM] texlive-bin
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
Scope: local
bookworm: resolved (fixed in 2014.20140926.35254-5)
bullseye: resolved (fixed in 2014.20140926.35254-5)
forky: resolved (fixed in 2014.20140926.35254-5)
sid: resolved (fixed in 2014.20140926.35254-5)
trixie: reso
debian