Use of Externally-Controlled Format String
CVE-2015-8106
Summary
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
References
Advisory Timeline
- Published