Advisories » MGASA-2015-0453

Updated latex2rtf packages fix security vulnerability

Publication date: 19 Nov 2015
Modification date: 19 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8106

Description

A format string vulnerability was found in CmdKeywords function when
processing \keywords command in tex file. When the user runs latex2rtf
with malicious crafted tex file, an attacker can execute arbitrary code.
The variable 'keywords' in the function CmdKeywords may hold a malicious
input string, which can be used as a format argument of vsnprintf
(CVE-2015-8106).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17164
• http://openwall.com/lists/oss-security/2015/11/16/3
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8106
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8106

SRPMS

5/core

• latex2rtf-2.3.8-3.1.mga5