First published: Mon Nov 16 2015(Updated: )
A format string vulnerability was found in CmdKeywords function when processing \keywords command in tex file. When the user runs latex2rtf with malicious crafted tex file, an attacker can execute arbitrary code. The variable `keywords' in the function CmdKeywords may hold a malicious input string, which can be used as a format argument of vsnprintf. Vulnerable code: 1789 char *keywords = getBraceParam(); ... 1798 fprintRTF(keywords); ... 858 void fprintRTF(char *format, ...){ ... 873 vsnprintf(buffer, 1024, format, apf); ... Public disclosure (includes reproducer and suggested fix): <a href="http://seclists.org/oss-sec/2015/q4/283">http://seclists.org/oss-sec/2015/q4/283</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Latex2rtf Project Latex2rtf | =2.3.8 | |
Fedoraproject Fedora | =22 | |
Fedoraproject Fedora | =23 | |
Fedoraproject Fedora | =24 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.