CVE-2024-43426

Source
https://cve.org/CVERecord?id=CVE-2024-43426
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43426.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43426
Aliases
Downstream
Published
2024-11-07T13:22:42.839Z
Modified
2026-07-08T06:27:32.743232212Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Moodle: arbitrary file read risk through pdftex
Details

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43426.json",
    "cna_assigner": "fedora"
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.12"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.9"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.6"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.2"
        }
    ]
}

Affected versions

v4.*
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.4.0
v4.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43426.json"