CVE-2015-8106

HIGH

latex2rtf <2.3.10 - RCE

Title source: llm

Description

Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.

References (6)

[Mailing List] http://www.openwall.com/lists/oss-security/2015/11/16/3

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html

[Product] https://sourceforge.net/p/latex2rtf/code/1244/

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1282492

Scores

CVSS v3 7.8

EPSS 0.0088

EPSS Percentile 75.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-134

Status published

Products (4)

fedoraproject/fedora 22

fedoraproject/fedora 23

fedoraproject/fedora 24

latex2rtf_project/latex2rtf 2.3.8

Published Apr 18, 2016

Tracked Since Feb 18, 2026