CVE-2024-40446

CRITICAL

MimeTex < 1.77 - Remote Code Execution via Crafted Script

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-40446. PoCs published by TaiYou-TW.

AI-analyzed exploit summary This repository provides a technical overview of CVE-2024-40445 (directory traversal) and CVE-2024-40446 (code injection) in MimeTeX, including affected versions, mitigation advice, and references to vendor advisories. No exploit code is included, but the analysis is detailed and legitimate.

Description

An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script

Exploits (1)

github WRITEUP

by TaiYou-TW · poc

https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446

View Code ZIP pw:eip

This repository provides a technical overview of CVE-2024-40445 (directory traversal) and CVE-2024-40446 (code injection) in MimeTeX, including affected versions, mitigation advice, and references to vendor advisories. No exploit code is included, but the analysis is detailed and legitimate.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: MimeTeX (versions prior to 1.77)

No auth needed

Prerequisites: Access to MimeTeX in CLI or CGI mode · Crafted input string for exploitation

MITRE ATT&CK

T1006 - Direct Volume Access T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Mitigation, Third Party Advisory

https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/

View Writeup ZIP pw:eip

Broken Link

https://youtu.be/S3cmZkWIi6o

Scores

CVSS v3 9.8

EPSS 0.0060

EPSS Percentile 44.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

ctan/mimetex < 1.77

Published Apr 22, 2025

Tracked Since Feb 18, 2026