UBUNTU-CVE-2023-32668
- Source
- https://ubuntu.com/security/CVE-2023-32668
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32668.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-32668
- Upstream
- Downstream
- Related
- Published
- 2023-05-11T06:15:00Z
- Modified
- 2025-10-24T05:02:02Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
- References
-
- https://ubuntu.com/security/CVE-2023-32668
- https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/blob/b266ef076c96b382cd23a4c93204e247bb98626a/source/texk/web2c/luatexdir/ChangeLog#L1-L3
- https://tug.org/pipermail/tex-live/2023-May/049188.html
- https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0
- https://ubuntu.com/security/notices/USN-6695-1
- https://www.cve.org/CVERecord?id=CVE-2023-32668
Affected packages
Ubuntu:16.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2015.20160222.37495-1ubuntu0.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2015.*
2015.20150524.37493-5build1
2015.20150524.37493-7
2015.20150524.37493-7build1
2015.20150524.37493-7build4
2015.20160222.37495-1
2015.20160222.37495-1ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libkpathsea-dev"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libkpathsea6"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libptexenc-dev"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libptexenc1"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libsynctex-dev"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libsynctex1"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libtexlua52"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libtexlua52-dev"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libtexluajit-dev"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "libtexluajit2"
},
{
"binary_version": "2015.20160222.37495-1ubuntu0.1",
"binary_name": "texlive-binaries"
}
]
}
Ubuntu:18.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2017.20170613.44572-8ubuntu0.2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2017.*
2017.20170613.44572-5build1
2017.20170613.44572-5build2
2017.20170613.44572-6
2017.20170613.44572-6build1
2017.20170613.44572-6ubuntu1
2017.20170613.44572-8build1
2017.20170613.44572-8ubuntu0.1
2017.20170613.44572-8ubuntu0.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libkpathsea-dev"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libkpathsea6"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libptexenc-dev"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libptexenc1"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libsynctex-dev"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libsynctex1"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libtexlua52"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libtexlua52-dev"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libtexluajit-dev"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "libtexluajit2"
},
{
"binary_version": "2017.20170613.44572-8ubuntu0.2",
"binary_name": "texlive-binaries"
}
]
}
Ubuntu:20.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2019.20190605.51237-3ubuntu0.2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.20190605.51237-3ubuntu0.2
Affected versions
2019.*
2019.20190605.51237-2build1
2019.20190605.51237-3
2019.20190605.51237-3build1
2019.20190605.51237-3build2
2019.20190605.51237-3ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libkpathsea-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libkpathsea6"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libptexenc-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libptexenc1"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libsynctex-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libsynctex2"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexlua53"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexlua53-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexluajit-dev"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "libtexluajit2"
},
{
"binary_version": "2019.20190605.51237-3ubuntu0.2",
"binary_name": "texlive-binaries"
}
]
}
Ubuntu:22.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2021.20210626.59705-1ubuntu0.2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2021.20210626.59705-1ubuntu0.2
Affected versions
2020.*
2020.20200327.54578-7
2020.20200327.54578-7build1
2021.*
2021.20210626.59705-1
2021.20210626.59705-1build1
2021.20210626.59705-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libkpathsea-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libkpathsea6"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libptexenc-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libptexenc1"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libsynctex-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libsynctex2"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexlua53"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexlua53-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexluajit-dev"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "libtexluajit2"
},
{
"binary_version": "2021.20210626.59705-1ubuntu0.2",
"binary_name": "texlive-binaries"
}
]
}