Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU96489
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in texk/web2c/pdftexdir/writet1.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package texlive to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libkpathsea6-debuginfo: before 6.2.0dev-22.11.1
libkpathsea6: before 6.2.0dev-22.11.1
texlive-bibtex-bin: before 2013.20130620.svn30088-22.11.1
texlive-kpathsea-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-lacheck-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-pdftex-bin: before 2013.20130620.svn30845-22.11.1
texlive-dvipdfmx-bin-debuginfo: before 2013.20130620.svn30845-22.11.1
texlive: before 2013.20130620-22.11.1
texlive-seetexk-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-lacheck-bin: before 2013.20130620.svn30088-22.11.1
texlive-dviljk-bin: before 2013.20130620.svn30088-22.11.1
texlive-mfware-bin: before 2013.20130620.svn30088-22.11.1
texlive-latex-bin-bin: before 2013.20130620.svn14050-22.11.1
texlive-checkcites-bin: before 2013.20130620.svn25623-22.11.1
texlive-xetex-bin-debuginfo: before 2013.20130620.svn30845-22.11.1
texlive-ptexenc-devel: before 1.3.2dev-22.11.1
texlive-kpathsea-devel: before 6.2.0dev-22.11.1
texlive-vlna-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-context-bin: before 2013.20130620.svn29741-22.11.1
texlive-dvips-bin: before 2013.20130620.svn30088-22.11.1
texlive-lua2dox-bin: before 2013.20130620.svn29053-22.11.1
texlive-tex4ht-bin: before 2013.20130620.svn30088-22.11.1
texlive-gsftopk-bin: before 2013.20130620.svn30088-22.11.1
texlive-makeindex-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-splitindex-bin: before 2013.20130620.svn29688-22.11.1
texlive-kpathsea-bin: before 2013.20130620.svn30088-22.11.1
texlive-dvips-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-pstools-bin: before 2013.20130620.svn30088-22.11.1
texlive-cweb-bin: before 2013.20130620.svn30088-22.11.1
texlive-web-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-metafont-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-tetex-bin: before 2013.20130620.svn29741-22.11.1
libptexenc1: before 1.3.2dev-22.11.1
texlive-vlna-bin: before 2013.20130620.svn30088-22.11.1
texlive-luaotfload-bin: before 2013.20130620.svn30313-22.11.1
texlive-dvidvi-bin: before 2013.20130620.svn30088-22.11.1
texlive-gsftopk-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-tex-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-pdftex-bin-debuginfo: before 2013.20130620.svn30845-22.11.1
texlive-dvisvgm-bin-debuginfo: before 2013.20130620.svn30613-22.11.1
texlive-mptopdf-bin: before 2013.20130620.svn18674-22.11.1
texlive-bibtex-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-bin-devel: before 2013.20130620-22.11.1
texlive-metafont-bin: before 2013.20130620.svn30088-22.11.1
texlive-dvipng-bin-debuginfo: before 2013.20130620.svn30845-22.11.1
texlive-xetex-bin: before 2013.20130620.svn30845-22.11.1
texlive-dviljk-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-tex-bin: before 2013.20130620.svn30088-22.11.1
texlive-metapost-bin-debuginfo: before 2013.20130620.svn30845-22.11.1
texlive-dvipng-bin: before 2013.20130620.svn30845-22.11.1
texlive-pstools-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-metapost-bin: before 2013.20130620.svn30845-22.11.1
texlive-dvipdfmx-bin: before 2013.20130620.svn30845-22.11.1
libptexenc1-debuginfo: before 1.3.2dev-22.11.1
texlive-cweb-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-dviasm-bin: before 2013.20130620.svn8329-22.11.1
texlive-debugsource: before 2013.20130620-22.11.1
texlive-mfware-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-texconfig-bin: before 2013.20130620.svn29741-22.11.1
texlive-jadetex-bin: before 2013.20130620.svn3006-22.11.1
texlive-seetexk-bin: before 2013.20130620.svn30088-22.11.1
texlive-thumbpdf-bin: before 2013.20130620.svn6898-22.11.1
texlive-xdvi-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-luatex-bin-debuginfo: before 2013.20130620.svn30845-22.11.1
texlive-xdvi-bin: before 2013.20130620.svn30088-22.11.1
texlive-luatex-bin: before 2013.20130620.svn30845-22.11.1
texlive-dvidvi-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
texlive-web-bin: before 2013.20130620.svn30088-22.11.1
texlive-xmltex-bin: before 2013.20130620.svn3006-22.11.1
texlive-makeindex-bin: before 2013.20130620.svn30088-22.11.1
texlive-dvisvgm-bin: before 2013.20130620.svn30613-22.11.1
texlive-tex4ht-bin-debuginfo: before 2013.20130620.svn30088-22.11.1
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241296-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.