CVE-2024-40445

HIGH

Forkosh Mime TeX <1.77 - Path Traversal

Title source: llm

Description

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.

Exploits (1)

nomisec WRITEUP

by TaiYou-TW · poc

https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446

View Code ZIP pw:eip

References (4)

[Product] https://github.com/Oefenweb/mimetex/blob/master/mimetex.c#L12414-L12423

[Mitigation, Third Party Advisory] https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/

[Broken Link] https://youtu.be/OII16TteaJw

[Broken Link] https://youtu.be/W2KPHFNfgrg

Scores

CVSS v3 7.3

EPSS 0.0007

EPSS Percentile 21.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

ctan/mimetex < 1.77

Published Apr 22, 2025

Tracked Since Feb 18, 2026