The version of texlive installed on the remote host is prior to 2012-45.20130427_r30134. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1388 advisory.

    An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before     2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a     malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
    (CVE-2018-17407)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux AMI : texlive (ALAS-2020-1388)

high Nessus Plugin ID 138059

Version 1.4

Version 1.3

Version 1.4 Dec 11, 2024, 10:15 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202412112215
Version 1.3 Mar 4, 2024, 5:08 PM CVSSv2 score source (set to "CVE-2018-17407") Exploit attributes ("Exploit available" set to "False") Plugin Feed: 202403041708