CVE-2015-8106

high

Description

Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.

References

https://sourceforge.net/p/latex2rtf/code/1244/

https://bugzilla.redhat.com/show_bug.cgi?id=1282492

http://www.openwall.com/lists/oss-security/2015/11/16/3

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html

Details

Source: Mitre, NVD

Published: 2016-04-18

Updated: 2016-05-18

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H