CVE-2024-43426

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-43426

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43426.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43426

Aliases

Downstream

UBUNTU-CVE-2024-43426

Published

2024-11-07T14:15:15.510Z

Modified

2025-11-20T12:30:20.904543Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

0ea3d45e04c3d54a3a472ddcb11606b30e227c50

Fixed

aea9770cfc7d003a737f4899489d1e3982efe9ac

Affected versions

v4.*

v4.1.0

v4.1.1

v4.1.10

v4.1.11

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9