vulnerability

Rocky Linux: CVE-2023-32700: texlive (RLSA-2023-3661)

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: May 20, 2023
Added: Apr 19, 2024
Modified: Jan 28, 2025

Description

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

Solution(s)

rocky-upgrade-texlive
rocky-upgrade-texlive-bibtex
rocky-upgrade-texlive-bibtex-debuginfo
rocky-upgrade-texlive-debuginfo
rocky-upgrade-texlive-debugsource
rocky-upgrade-texlive-dvipdfmx
rocky-upgrade-texlive-dvipng
rocky-upgrade-texlive-dvipng-debuginfo
rocky-upgrade-texlive-dvips
rocky-upgrade-texlive-dvips-debuginfo
rocky-upgrade-texlive-dvisvgm
rocky-upgrade-texlive-dvisvgm-debuginfo
rocky-upgrade-texlive-fontware
rocky-upgrade-texlive-fontware-debuginfo
rocky-upgrade-texlive-gsftopk
rocky-upgrade-texlive-gsftopk-debuginfo
rocky-upgrade-texlive-kpathsea
rocky-upgrade-texlive-kpathsea-debuginfo
rocky-upgrade-texlive-lib
rocky-upgrade-texlive-lib-debuginfo
rocky-upgrade-texlive-lib-devel
rocky-upgrade-texlive-luahbtex
rocky-upgrade-texlive-luahbtex-debuginfo
rocky-upgrade-texlive-luatex
rocky-upgrade-texlive-luatex-debuginfo
rocky-upgrade-texlive-makeindex
rocky-upgrade-texlive-makeindex-debuginfo
rocky-upgrade-texlive-metafont
rocky-upgrade-texlive-metafont-debuginfo
rocky-upgrade-texlive-metapost
rocky-upgrade-texlive-metapost-debuginfo
rocky-upgrade-texlive-mfware
rocky-upgrade-texlive-mfware-debuginfo
rocky-upgrade-texlive-pdftex
rocky-upgrade-texlive-pdftex-debuginfo
rocky-upgrade-texlive-tex
rocky-upgrade-texlive-tex-debuginfo
rocky-upgrade-texlive-tex4ht
rocky-upgrade-texlive-tex4ht-debuginfo
rocky-upgrade-texlive-xdvi
rocky-upgrade-texlive-xdvi-debuginfo
rocky-upgrade-texlive-xetex
rocky-upgrade-texlive-xetex-debuginfo