Vulnerability Details CVE-2009-1383
The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578
- http://secunia.com/advisories/35816
- http://www.ocert.org/advisories/ocert-2009-010.html
- http://www.securityfocus.com/archive/1/504919/100/0/threaded
- http://www.vupen.com/english/advisories/2009/1875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51795
- http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578
- http://secunia.com/advisories/35816
- http://www.ocert.org/advisories/ocert-2009-010.html
- http://www.securityfocus.com/archive/1/504919/100/0/threaded
- http://www.vupen.com/english/advisories/2009/1875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51795