CVE-2015-8106
high
CVSS v3
7.8
CVSS v2
9.3
VIR risk
7.8
Description
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-8106
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2.3.10-1 |
| debian | bullseye | fixed | 2.3.10-1 |
| debian | forky | fixed | 2.3.10-1 |
| debian | sid | fixed | 2.3.10-1 |
| debian | trixie | fixed | 2.3.10-1 |
| fedora | 22 | affected | |
| fedora | 23 | affected | |
| fedora | 24 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| latex2rtf_project | latex2rtf | 2.3.8 | |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html
- http://www.openwall.com/lists/oss-security/2015/11/16/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1282492
- https://sourceforge.net/p/latex2rtf/code/1244/
- https://security-tracker.debian.org/tracker/CVE-2015-8106
CWEs
CWE-134
Verify integrity in audit chain (admin only). AS-IS.