MGASA-2015-0453

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0453.html

Import Source

https://advisories.mageia.org/MGASA-2015-0453.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0453

Upstream

CVE-2015-8106

Published

2015-11-19T22:08:19Z

Modified

2026-04-16T06:25:49.670539020Z

Summary

Updated latex2rtf packages fix security vulnerability

Details

A format string vulnerability was found in CmdKeywords function when processing \keywords command in tex file. When the user runs latex2rtf with malicious crafted tex file, an attacker can execute arbitrary code. The variable 'keywords' in the function CmdKeywords may hold a malicious input string, which can be used as a format argument of vsnprintf (CVE-2015-8106).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / latex2rtf

Package

Name: latex2rtf
Purl: pkg:rpm/mageia/latex2rtf?arch=source&distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.8-3.1.mga5

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0453.json"