Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.131135
Category:Mageia Linux Local Security Checks
Title:Mageia Linux Local Check: mgasa-2015-0453
Summary:Mageia Linux Local Security Checks mgasa-2015-0453
Description:Summary:
Mageia Linux Local Security Checks mgasa-2015-0453

Vulnerability Insight:
A format string vulnerability was found in CmdKeywords function when processing \keywords command in tex file. When the user runs latex2rtf with malicious crafted tex file, an attacker can execute arbitrary code. The variable 'keywords' in the function CmdKeywords may hold a malicious input string, which can be used as a format argument of vsnprintf (CVE-2015-8106).

Solution:
Update the affected packages to the latest available version.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-8106
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html
http://www.openwall.com/lists/oss-security/2015/11/16/3
CopyrightCopyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.