CVE-2024-29073

Опубликовано: 22 июл. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

EPSS Низкий

Описание

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1992

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ankiweb:anki:24.04:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02641

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-829

Связанные уязвимости

CVE-2024-29073

CVSS3: 5.3

ubuntu

больше 1 года назад

CVE-2024-29073

CVSS3: 5.3

debian

больше 1 года назад

An vulnerability in the handling of Latex exists in Ankitects Anki 24. ...

GHSA-x3r6-ccvq-cf5v

CVSS3: 5.3

github

больше 1 года назад

Anki Latex Incomplete Blocklist Vulnerability

EPSS

Процентиль: 85%

0.02641

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-829