VDB

GCVE-110-MAGEIA-2017-127

GCVE-110-MAGEIA-2017-127
Advisory Published
Vulnetix · Advisory published May 3, 2017
It was discovered that texlive whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage of this flaw for arbitrary code execution when compiling a TeX document (CVE-2016-10243).

Affected Products

VendorProductVersionsPlatforms
Mageiatexlive0 (affected), 0 (affected), 20130530-21.1.mga5 (unaffected), 20130530-21.1.mga5 (unaffected)
Mageiaghostscript0 (affected), 9.22-1.1.mga6 (unaffected)
Mageiaghostscript0 (affected), 9.22-1.1.mga5 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›