Vulnerability Description
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axohelp.C Project | Axohelp.C | < 1.3 |
| Axodraw2 Project | Axodraw2 | <= 2.1.1 |
References
- https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html
FAQ
What is CVE-2019-18604?
CVE-2019-18604 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
How severe is CVE-2019-18604?
CVE-2019-18604 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18604?
Check the references section above for vendor advisories and patch information; it lists a TeX Live source commit tagged as a patch and a Debian LTS announcement. Affected products include Axohelp.C (Axohelp.C Project) and Axodraw2 (Axodraw2 Project).