UBUNTU-CVE-2024-29073

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-29073

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-29073.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-29073

Related

CVE-2024-29073

Published

2024-07-22T15:15:00Z

Modified

2024-10-15T14:14:09Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / anki

Package

Name: anki
Purl: pkg:deb/ubuntu/anki?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.32+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / anki

Package

Name: anki
Purl: pkg:deb/ubuntu/anki?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.0+dfsg~a12-0.1

2.1.0+dfsg~b24-1

2.1.0+dfsg~b25-1

2.1.0+dfsg~b26-1

2.1.0+dfsg~b27-1

2.1.0+dfsg~b29-1

2.1.0+dfsg~b31-1

2.1.0+dfsg~b33-1

2.1.0+dfsg~b34-1

2.1.0+dfsg~b35-1

2.1.0+dfsg~b36-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / anki

Package

Name: anki
Purl: pkg:deb/ubuntu/anki?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8+dfsg-1ubuntu1

2.1.15+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / anki

Package

Name: anki
Purl: pkg:deb/ubuntu/anki?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.15+dfsg-3

2.1.15+dfsg-3ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / anki

Package

Name: anki
Purl: pkg:deb/ubuntu/anki?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.15+dfsg-3ubuntu4

2.1.15+dfsg-4ubuntu1

2.1.15+dfsg-4ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / anki

Package

Name: anki
Purl: pkg:deb/ubuntu/anki?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.15+dfsg-3ubuntu1

2.1.15+dfsg-3ubuntu2

2.1.15+dfsg-3ubuntu3

2.1.15+dfsg-3ubuntu4

2.1.15+dfsg-3ubuntu4.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}