Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the keywords command in a crafted TeX file.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Latex2rtf | Latex2rtf_project | 2.3.8 (including) | 2.3.8 (including) |
Latex2rtf | Ubuntu | artful | * |
Latex2rtf | Ubuntu | esm-apps/xenial | * |
Latex2rtf | Ubuntu | precise | * |
Latex2rtf | Ubuntu | trusty | * |
Latex2rtf | Ubuntu | upstream | * |
Latex2rtf | Ubuntu | vivid | * |
Latex2rtf | Ubuntu | wily | * |
Latex2rtf | Ubuntu | xenial | * |
Latex2rtf | Ubuntu | yakkety | * |
Latex2rtf | Ubuntu | zesty | * |