Bug#1061520: mathtex: CVE-2023-51885 CVE-2023-51886 CVE-2023-51887 CVE-2023-51888 CVE-2023-51889 CVE-2023-51890
Source: mathtex
Version: 1.03-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerabilities were published for mathtex.
CVE-2023-51885[0]:
| Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a
| remote attacker to execute arbitrary code via the length of the
| LaTeX string component.
CVE-2023-51886[1]:
| Buffer Overflow vulnerability in the main() function in Mathtex 1.05
| and before allows a remote attacker to cause a denial of service
| when using \convertpath.
CVE-2023-51887[2]:
| Command Injection vulnerability in Mathtex v.1.05 and before allows
| a remote attacker to execute arbitrary code via crafted string in
| application URL.
CVE-2023-51888[3]:
| Buffer Overflow vulnerability in the nomath() function in Mathtex
| v.1.05 and before allows a remote attacker to cause a denial of
| service via a crafted string in the application URL.
CVE-2023-51889[4]:
| Stack Overflow vulnerability in the validate() function in Mathtex
| v.1.05 and before allows a remote attacker to execute arbitrary code
| via crafted string in the application URL.
CVE-2023-51890[5]:
| An infinite loop issue discovered in Mathtex 1.05 and before allows
| a remote attackers to consume CPU resources via crafted string in
| the application URL.
[6] contains the "fuzzing mathtex" report.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-51885
https://www.cve.org/CVERecord?id=CVE-2023-51885
[1] https://security-tracker.debian.org/tracker/CVE-2023-51886
https://www.cve.org/CVERecord?id=CVE-2023-51886
[2] https://security-tracker.debian.org/tracker/CVE-2023-51887
https://www.cve.org/CVERecord?id=CVE-2023-51887
[3] https://security-tracker.debian.org/tracker/CVE-2023-51888
https://www.cve.org/CVERecord?id=CVE-2023-51888
[4] https://security-tracker.debian.org/tracker/CVE-2023-51889
https://www.cve.org/CVERecord?id=CVE-2023-51889
[5] https://security-tracker.debian.org/tracker/CVE-2023-51890
https://www.cve.org/CVERecord?id=CVE-2023-51890
[6] https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Reply to: