DEBIAN-CVE-2024-29073

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-29073

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-29073.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-29073

Upstream

CVE-2024-29073

Published

2024-07-22T15:15:02.943Z

Modified

2025-11-20T10:17:10.553543Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

References

https://security-tracker.debian.org/tracker/CVE-2024-29073

Affected packages

Debian:11 / anki

Package

Name: anki
Purl: pkg:deb/debian/anki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.15+dfsg-3

2.1.15+dfsg-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-29073.json"