CVE-2017-17513

ADVISORY - nist

Summary

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.

EPSS Score⁠: 0.00508 (0.657)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-74⁠

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADVISORY - redhat

CWE-20⁠

Improper Input Validation

Impacted images

Advisories

NIST

CREATED

8 years ago

UPDATED

9 months ago

ADVISORY IDCVE-2017-17513⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.8high

Debian

CREATED

8 years ago

UPDATED

10 days ago

ADVISORY IDCVE-2017-17513⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

8 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2017-17513⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.8low

Red Hat

CREATED

8 years ago

UPDATED

4 days ago

ADVISORY IDCVE-2017-17513⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.3medium