Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU96489
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in texk/web2c/pdftexdir/writet1.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
texlive-yplan: before 20180414-38
texlive-xmltex: before 20180414-38
texlive-wordcount: before 20180414-38
texlive-vpe: before 20180414-38
texlive-urlbst: before 20180414-38
texlive-ulqda: before 20180414-38
texlive-typeoutfileinfo: before 20180414-38
texlive-tpic2pdftex: before 20180414-38
texlive-thumbpdf: before 20180414-38
texlive-texsis: before 20180414-38
texlive-texosquery: before 20180414-38
texlive-texloganalyser: before 20180414-38
texlive-texliveonfly: before 20180414-38
texlive-texlive.infra: before 20180414-38
texlive-texlive-scripts: before 20180414-38
texlive-texlive-en: before 20180414-38
texlive-texfot: before 20180414-38
texlive-texdoctk: before 20180414-38
texlive-texdoc: before 20180414-38
texlive-texdirflatten: before 20180414-38
texlive-texdiff: before 20180414-38
texlive-texdef: before 20180414-38
texlive-texcount: before 20180414-38
texlive-texconfig: before 20180414-38
texlive-tex4ebook: before 20180414-38
texlive-tetex: before 20180414-38
texlive-svn-multi: before 20180414-38
texlive-sty2dtx: before 20180414-38
texlive-srcredact: before 20180414-38
texlive-splitindex: before 20180414-38
texlive-rubik: before 20180414-38
texlive-pythontex: before 20180414-38
texlive-pygmentex: before 20180414-38
texlive-purifyeps: before 20180414-38
texlive-ptex2pdf: before 20180414-38
texlive-ptex-fontmaps: before 20180414-38
texlive-pst2pdf: before 20180414-38
texlive-pst-pdf: before 20180414-38
texlive-pmxchords: before 20180414-38
texlive-pkfix-helper: before 20180414-38
texlive-pkfix: before 20180414-38
texlive-pfarrei: before 20180414-38
texlive-petri-nets: before 20180414-38
texlive-perltex: before 20180414-38
texlive-pedigree-perl: before 20180414-38
texlive-pdfxup: before 20180414-38
texlive-pdflatexpicscale: before 20180414-38
texlive-pdfjam: before 20180414-38
texlive-pdfcrop: before 20180414-38
texlive-pdfbook2: before 20180414-38
texlive-pax: before 20180414-38
texlive-oberdiek: before 20180414-38
texlive-musixtex: before 20180414-38
texlive-multibibliography: before 20180414-38
texlive-mptopdf: before 20180414-38
texlive-mltex: before 20180414-38
texlive-mkpic: before 20180414-38
texlive-mkjobtexmf: before 20180414-38
texlive-mkgrkindex: before 20180414-38
texlive-mf2pt1: before 20180414-38
texlive-mex: before 20180414-38
texlive-mathspic: before 20180414-38
texlive-match_parens: before 20180414-38
texlive-makedtx: before 20180414-38
texlive-make4ht: before 20180414-38
texlive-lyluatex: before svn47584-38
texlive-lwarp: before 20180414-38
texlive-luaotfload: before 20180414-38
texlive-lua2dox: before 20180414-38
texlive-ltximg: before 20180414-38
texlive-ltxfileinfo: before 20180414-38
texlive-lollipop: before 20180414-38
texlive-listings-ext: before 20180414-38
texlive-listbib: before 20180414-38
texlive-lilyglyphs: before 20180414-38
texlive-latexpand: before 20180414-38
texlive-latexindent: before 20180414-38
texlive-latexfileversion: before 20180414-38
texlive-latexdiff: before 20180414-38
texlive-latex2nemeth: before 20180414-38
texlive-latex2man: before 20180414-38
texlive-latex-papersize: before 20180414-38
texlive-latex-git-log: before 20180414-38
texlive-latex: before 20180414-38
texlive-l3build: before 20180414-38
texlive-kotex-utils: before 20180414-38
texlive-jfmutil: before 20180414-38
texlive-jadetex: before 20180414-38
texlive-installfont: before 20180414-38
texlive-glyphlist: before 20180414-38
texlive-glossaries: before 20180414-38
texlive-getmap: before 20180414-38
texlive-fragmaster: before 20180414-38
texlive-fontools: before 20180414-38
texlive-fontinst: before 20180414-38
texlive-findhyph: before 20180414-38
texlive-fig4latex: before 20180414-38
texlive-exceltex: before 20180414-38
texlive-epstopdf: before 20180414-38
texlive-epspdf: before 20180414-38
texlive-eplain: before 20180414-38
texlive-ebong: before 20180414-38
texlive-dviinfox: before 20180414-38
texlive-dviasm: before 20180414-38
texlive-dtxgen: before 20180414-38
texlive-dosepsbin: before 20180414-38
texlive-diadia: before 20180414-38
texlive-de-macro: before 20180414-38
texlive-cyrillic: before 20180414-38
texlive-ctanupload: before 20180414-38
texlive-ctanify: before 20180414-38
texlive-ctan-o-mat: before 20180414-38
texlive-csplain: before 20180414-38
texlive-cslatex: before 20180414-38
texlive-crossrefware: before 20180414-38
texlive-convbkmk: before 20180414-38
texlive-context: before 20180414-38
texlive-checklistings: before 20180414-38
texlive-checkcites: before 20180414-38
texlive-cachepic: before 20180414-38
texlive-bundledoc: before 20180414-38
texlive-bibexport: before 20180414-38
texlive-bib2gls: before 20180414-38
texlive-authorindex: before 20180414-38
texlive-arara: before 20180414-38
texlive-amstex: before 20180414-38
texlive-adhocfilelist: before 20180414-38
texlive-accfonts: before 20180414-38
texlive-a2ping: before 20180414-38
texlive-xetex: before 20180414-38
texlive-xdvi: before 20180414-38
texlive-web: before 20180414-38
texlive-vlna: before 20180414-38
texlive-velthuis: before 20180414-38
texlive-uptex: before 20180414-38
texlive-ttfutils: before 20180414-38
texlive-tie: before 20180414-38
texlive-texware: before 20180414-38
texlive-tex4ht: before 20180414-38
texlive-tex: before 20180414-38
texlive-synctex: before 20180414-38
texlive-seetexk: before 20180414-38
texlive-ptex: before 20180414-38
texlive-pstools: before 20180414-38
texlive-ps2pk: before 20180414-38
texlive-pmx: before 20180414-38
texlive-pdftools: before 20180414-38
texlive-pdftex: before 20180414-38
texlive-patgen: before 20180414-38
texlive-omegaware: before 20180414-38
texlive-musixtnt: before 20180414-38
texlive-mfware: before 20180414-38
texlive-mflua: before 20180414-38
texlive-metapost: before 20180414-38
texlive-metafont: before 20180414-38
texlive-makeindex: before 20180414-38
texlive-m-tx: before 20180414-38
texlive-luatex: before 20180414-38
texlive-lib-devel: before 20180414-38
texlive-lib: before 20180414-38
texlive-lcdftypetools: before 20180414-38
texlive-lacheck: before 20180414-38
texlive-kpathsea: before 20180414-38
texlive-gsftopk: before 20180414-38
texlive-gregoriotex: before 20180414-38
texlive-fontware: before 20180414-38
texlive-dvisvgm: before 20180414-38
texlive-dvips: before 20180414-38
texlive-dvipos: before 20180414-38
texlive-dvipng: before 20180414-38
texlive-dvipdfmx: before 20180414-38
texlive-dviljk: before 20180414-38
texlive-dvidvi: before 20180414-38
texlive-dvicopy: before 20180414-38
texlive-dvi2tty: before 20180414-38
texlive-dtl: before 20180414-38
texlive-detex: before 20180414-38
texlive-cweb: before 20180414-38
texlive-ctie: before 20180414-38
texlive-cjkutils: before 20180414-38
texlive-chktex: before 20180414-38
texlive-bibtexu: before 20180414-38
texlive-bibtex8: before 20180414-38
texlive-bibtex: before 20180414-38
texlive-base-debugsource: before 20180414-38
texlive-base-debuginfo: before 20180414-38
texlive-axodraw2: before 20180414-38
texlive-autosp: before 20180414-38
texlive-aleph: before 20180414-38
texlive-afm2pl: before 20180414-38
texlive-base: before 20180414-38
CPE2.3 External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1999
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.