Known Vulnerabilities for products from Tug
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Tug".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-17407 | An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer o... | 7.8 - HIGH | 2018-09-23 | 2018-11-15 |
| CVE-2017-17513 | TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variabl... | 8.8 - HIGH | 2017-12-14 | 2018-01-02 |
| CVE-2016-10243 | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in t... | 9.8 - CRITICAL | 2017-05-02 | 2023-11-07 |
| CVE-2015-5701 | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via ... | 6.1 - MEDIUM | 2017-08-25 | 2017-09-12 |
| CVE-2015-5700 | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a sy... | 6.1 - MEDIUM | 2017-08-25 | 2018-10-12 |
| CVE-2015-0296 | The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc... | 4.7 - MEDIUM | 2017-10-06 | 2017-11-01 |
| CVE-2010-2642 | Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5... | 7.6 - HIGH | 2011-01-07 | 2017-07-01 |
| CVE-2010-1440 | Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to ... | 6.8 - MEDIUM | 2010-05-07 | 2023-02-13 |
| CVE-2010-0829 | Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service ... | 4.3 - MEDIUM | 2010-05-07 | 2017-09-19 |
| CVE-2010-0827 | Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (appl... | 6.8 - MEDIUM | 2010-05-07 | 2017-09-19 |
| CVE-2010-0739 | Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted... | 6.8 - MEDIUM | 2010-04-16 | 2023-11-07 |
| CVE-2007-5940 | feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code... | 4.6 - MEDIUM | 2007-11-13 | 2011-03-08 |
| CVE-2007-5937 | Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to ... | 6.8 - MEDIUM | 2007-11-13 | 2018-10-15 |
| CVE-2007-5936 | dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by cre... | 3.6 - LOW | 2007-11-13 | 2018-10-15 |
| CVE-2007-5935 | Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute... | 6.8 - MEDIUM | 2007-11-13 | 2018-10-15 |
Known software with vulnerabilities from Tug
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Tug | Tex Live | 2018-09-21 |