← Back to CVEs
CVE-2016-10243
N/ADescription
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
CVE Details
CVSS v3.1 ScoreN/A
Published5/2/2017
Last Modified4/20/2025
Sourcenvd
Honeypot Sightings0
Affected Products
debian:debian_linuxfedoraproject:fedoratug:tex_live
Weaknesses (CWE)
CWE-20
References
http://www.debian.org/security/2017/dsa-3803(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2017/03/05/1(cve@mitre.org)
http://www.securityfocus.com/bid/96593(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/(cve@mitre.org)
https://security.gentoo.org/glsa/201709-07(cve@mitre.org)
https://www.tug.org/svn/texlive?view=revision&revision=42605(cve@mitre.org)
http://www.debian.org/security/2017/dsa-3803(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2017/03/05/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/96593(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/(af854a3a-2127-422b-91ae-364da2661108)
https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201709-07(af854a3a-2127-422b-91ae-364da2661108)
https://www.tug.org/svn/texlive?view=revision&revision=42605(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.