Known Vulnerabilities for products from Tug
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Tug".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-32700 json | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source... | 7.8 - HIGH | 2023-05-20 | 2023-11-07 |
| CVE-2023-32668 json | LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs b... | 5.5 - MEDIUM | 2023-05-11 | 2023-05-23 |
| CVE-2018-17407 json | An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer o... | 7.8 - HIGH | 2018-09-23 | 2018-11-15 |
| CVE-2017-17513 json | TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variabl... | 8.8 - HIGH | 2017-12-14 | 2018-01-02 |
| CVE-2016-10243 json | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in t... | 9.8 - CRITICAL | 2017-05-02 | 2023-11-07 |
| CVE-2015-5701 json | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via ... | 6.1 - MEDIUM | 2017-08-25 | 2017-09-12 |
| CVE-2015-5700 json | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a sy... | 6.1 - MEDIUM | 2017-08-25 | 2018-10-12 |
| CVE-2015-0296 json | The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc... | 4.7 - MEDIUM | 2017-10-06 | 2017-11-01 |
| CVE-2010-2642 json | Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5... | 7.6 - HIGH | 2011-01-07 | 2017-07-01 |
| CVE-2010-1440 json | Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to ... | 6.8 - MEDIUM | 2010-05-07 | 2023-02-13 |
| CVE-2010-0829 json | Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service ... | 4.3 - MEDIUM | 2010-05-07 | 2017-09-19 |
| CVE-2010-0827 json | Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (appl... | 6.8 - MEDIUM | 2010-05-07 | 2017-09-19 |
| CVE-2010-0739 json | Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted... | 6.8 - MEDIUM | 2010-04-16 | 2023-11-07 |
| CVE-2007-5940 json | feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code... | Not Provided | 2007-11-13 | 2026-04-23 |
| CVE-2007-5937 json | Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to ... | Not Provided | 2007-11-13 | 2026-04-23 |
| CVE-2007-5936 json | dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by cre... | Not Provided | 2007-11-13 | 2026-04-23 |
| CVE-2007-5935 json | Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute... | Not Provided | 2007-11-13 | 2026-04-23 |
Known software with vulnerabilities from Tug
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Tug | Tex Live | 20010730 |