Every CVE whose affected-product data names Tug Tex Live, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2016-10243 — CVSS 9.8 (critical): TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf…
CVE-2017-17513 — CVSS 8.8 (high): TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might…
CVE-2023-32700 — CVSS 7.8 (high): LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs…
CVE-2018-17407 — CVSS 7.8 (high): An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the…
CVE-2010-0827 — CVSS 6.8 (medium): Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash)…
CVE-2010-0739 — CVSS 6.8 (medium): Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote…
CVE-2010-1440 — CVSS 6.8 (medium): Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial…
CVE-2023-32668 — CVSS 5.5 (medium): LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full…