← Zuruck zu CVEs
CVE-2016-10243
N/ABeschreibung
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht5/2/2017
Zuletzt geandert4/20/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
debian:debian_linuxfedoraproject:fedoratug:tex_live
Schwachen (CWE)
CWE-20
Referenzen
http://www.debian.org/security/2017/dsa-3803(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2017/03/05/1(cve@mitre.org)
http://www.securityfocus.com/bid/96593(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/(cve@mitre.org)
https://security.gentoo.org/glsa/201709-07(cve@mitre.org)
https://www.tug.org/svn/texlive?view=revision&revision=42605(cve@mitre.org)
http://www.debian.org/security/2017/dsa-3803(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2017/03/05/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/96593(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/(af854a3a-2127-422b-91ae-364da2661108)
https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201709-07(af854a3a-2127-422b-91ae-364da2661108)
https://www.tug.org/svn/texlive?view=revision&revision=42605(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.