← Back to CVEs
CVE-2024-29073
MEDIUM5.3
Description
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
Published7/22/2024
Last Modified11/4/2025
Sourcenvd
Honeypot Sightings0
Affected Products
ankiweb:anki
Weaknesses (CWE)
CWE-829CWE-829
References
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992(af854a3a-2127-422b-91ae-364da2661108)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1992(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.