← Zuruck zu CVEs
CVE-2024-29073
MEDIUM5.3
Beschreibung
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht7/22/2024
Zuletzt geandert11/4/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
ankiweb:anki
Schwachen (CWE)
CWE-829CWE-829
Referenzen
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992(af854a3a-2127-422b-91ae-364da2661108)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1992(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.