Vulnerability Details CVE-2019-18604
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a
- https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html
- https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a
- https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html
Products affected by CVE-2019-18604
-
cpe:2.3:a:axodraw2_project:axodraw2:2.1.0
-
cpe:2.3:a:axodraw2_project:axodraw2:2.1.1
-
cpe:2.3:a:axohelp.c_project:axohelp.c:1.0
-
cpe:2.3:a:axohelp.c_project:axohelp.c:1.1