ByteOS Network

texlive

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2015-0296

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.08% / 25.14%

7 Day CHG~0.00%

Published-06 Oct, 2017 | 22:00

Updated-20 Apr, 2025 | 01:37

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.

Vendor-tug n/a Fedora Project

Product-fedora texlive n/a

CVE-2015-5700

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.18% / 40.32%

7 Day CHG~0.00%

Published-25 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

Vendor-tug n/a

Product-texlive n/a

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CVE-2015-5701

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.19% / 41.37%

7 Day CHG~0.00%

Published-25 Aug, 2017 | 18:00

Updated-20 Apr, 2025 | 01:37

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

Vendor-tug n/a

Product-texlive n/a

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')