CVE-2019-18604: Critical severity axohelp.c vulnerability
Published Oct 29, 2019
·Updated
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
Affected Software
5 affected componentsFixes available
debian/texlive-bin
2018.20181218.49446-1+deb10u22020.20200327.54578-7+deb11u12022.20220321.62855-5.1+deb12u12023.20230311.66589-9
ubuntu/texlive-bin<2019.20190605.51237-3ubuntu0.2
2019.20190605.51237-3ubuntu0.2
ubuntu/texlive-bin<2020.20200327.54578-2
2020.20200327.54578-2
Axohelp.c Project Axohelp.c<1.3
Axodraw2 Project Axodraw2<=2.1.1
Remediation
Event History
Oct 29, 2019
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Mar 14, 2024
Data Sourced
via Launchpad·02:00 PM
Description
Frequently Asked Questions
1
What is the severity of CVE-2019-18604?
CVE-2019-18604 is classified as a medium severity vulnerability due to potential security risks associated with mishandled sprintf calls.
2
How do I fix CVE-2019-18604?
To remediate CVE-2019-18604, update axohelp to version 1.3 or higher and axodraw2 to version 2.1.1 or higher.
3
Which software is affected by CVE-2019-18604?
CVE-2019-18604 affects axohelp versions before 1.3 and axodraw2 versions before 2.1.1b.
4
Where can I find patched versions for CVE-2019-18604?
Patched versions for CVE-2019-18604 are available in texlive-bin packages for various distributions including Ubuntu and Debian.
5
What types of attacks can CVE-2019-18604 potentially allow?
CVE-2019-18604 can potentially lead to arbitrary code execution due to improper handling of input in sprintf functions.