Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the keywords command in a crafted TeX file.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Latex2rtf | Latex2rtf_project | 2.3.8 (including) | 2.3.8 (including) |
| Latex2rtf | Ubuntu | artful | * |
| Latex2rtf | Ubuntu | esm-apps/xenial | * |
| Latex2rtf | Ubuntu | precise | * |
| Latex2rtf | Ubuntu | trusty | * |
| Latex2rtf | Ubuntu | upstream | * |
| Latex2rtf | Ubuntu | vivid | * |
| Latex2rtf | Ubuntu | wily | * |
| Latex2rtf | Ubuntu | xenial | * |
| Latex2rtf | Ubuntu | yakkety | * |
| Latex2rtf | Ubuntu | zesty | * |
Potential Mitigations
Related Attack Patterns
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html
- http://www.openwall.com/lists/oss-security/2015/11/16/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1282492
- https://sourceforge.net/p/latex2rtf/code/1244/
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html
- http://www.openwall.com/lists/oss-security/2015/11/16/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1282492
- https://sourceforge.net/p/latex2rtf/code/1244/