CVE-2016-10243: Input Validation
Published May 2, 2017
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Affected Software
5 affected components
Debian Debian Linux=7.0
Debian Debian Linux=8.0
Fedoraproject Fedora=25
Fedoraproject Fedora=26
Tug Tex Live
Remediation
Patch Available
Event History
May 2, 2017
CVE Published
via MITRE·02:00 PM
Data Sourced
via MITRE·02:00 PM
Description
Frequently Asked Questions
1. What is the severity of CVE-2016-10243?
CVE-2016-10243 is classified as a high-severity vulnerability due to its potential to allow remote command execution.
2. How do I fix CVE-2016-10243?
To fix CVE-2016-10243, you should update the TeX Live package to the latest version that addresses this vulnerability.
3. Which software versions are affected by CVE-2016-10243?
CVE-2016-10243 affects TeX Live, Debian Linux 7.0 and 8.0, and Fedora 25 and 26.
4. What type of vulnerability is CVE-2016-10243?
CVE-2016-10243 is a remote command execution vulnerability caused by improper handling of the shell_escape_commands setting.
5. Can CVE-2016-10243 be exploited remotely?
Yes, CVE-2016-10243 can be exploited by remote attackers to execute arbitrary commands.
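A configuration check for the setting named in the description, added here as an example and not taken from the advisory or from TeX Live: it parses texmf.cnf text and reports every shell_escape_commands entry that still lists mpost. The sample file is constructed, the function names are hypothetical, and the parser assumes the usual texmf.cnf syntax (% comments, trailing-backslash continuation lines).

```python
import re

# Constructed sample in texmf.cnf syntax (not copied from any real install).
SAMPLE_CNF = """\
% restricted shell escape list
shell_escape = p
shell_escape_commands = \\
bibtex,bibtex8,\\
kpsewhich,\\
makeindex,\\
mpost,\\
repstopdf,\\

% per-program override
shell_escape_commands.pdflatex = bibtex,kpsewhich
"""

FLAGGED = {"mpost"}  # the program named in the CVE description

def logical_lines(text):
    """Drop % comments and join lines that end with a backslash."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)%.*$", "", raw).strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def shell_escape_commands(text):
    """Return {variable_name: [commands]} for every shell_escape_commands entry."""
    found = {}
    for line in logical_lines(text):
        m = re.match(r"(shell_escape_commands(?:\.\w+)?)\b\s*=?\s*(.*)$", line)
        if m:
            found[m.group(1)] = [c.strip() for c in m.group(2).split(",") if c.strip()]
    return found

def audit(text):
    """Return sorted (variable, command) pairs that allow a flagged program."""
    return sorted((var, cmd) for var, cmds in shell_escape_commands(text).items()
                  for cmd in cmds if cmd in FLAGGED)

if __name__ == "__main__":
    for var, cmd in audit(SAMPLE_CNF):
        print(f"{var}: '{cmd}' is allowed under restricted shell escape")
```

To check a real installation, pass `audit` the contents of the texmf.cnf file that `kpsewhich texmf.cnf` reports.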