VDB

GCVE-VVD-MAGEIA-2024-108

GCVE-VVD-MAGEIA-2024-108
Advisory Published
Vulnetix · Advisory published March 13, 2024
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32668) texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file. (CVE-2024-25262)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaperl-Finance-Quote0 (affected), 1.590.0-1.mga9 (unaffected)
Mageiatexlive0 (affected), 20220321-7.1.mga9 (unaffected), 0 (affected), 20220321-7.1.mga9 (unaffected)

Aliases

CVE-2024-25262CVE-2023-32668

Transitive aliases

EUVD-2024-22598VVD-CISA-2024-25262GSD-2024-25262GSD-2023-32668BDU:2024-04366GHSA-79qr-9mf7-fr3gBDU:2024-05717VVD-ANCHORE-2024-25262VVD-CISA-2023-32668EUVD-2023-36911GHSA-hm67-jh95-48xh

References

Updated texlive-20220321 packages fix security vulnerabilities
advisory
Updated texlive-20220321 packages fix security vulnerabilities
issue
Updated texlive-20220321 packages fix security vulnerabilities
advisory
Updated perl-Finance-Quote packages fix function in gnucash
advisory
Updated perl-Finance-Quote packages fix function in gnucash
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›