← Back

Ctan

ctan

8 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Mathtex
mathtex
6 CVEs
Mimetex
mimetex
2 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-40446
1Ctan
1Mimetex
Jun 17, 2026
Apr 22, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script
CVE-2024-40445
1Ctan
1Mimetex
Jun 17, 2026
Apr 22, 2025
N/A· v4
7.3 HIGH· v3
N/A· v2
A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.
CVE-2023-51890
1Ctan
1Mathtex
Jun 17, 2026
Jan 24, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.
CVE-2023-51889
1Ctan
1Mathtex
Jun 17, 2026
Jan 24, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.
CVE-2023-51888
1Ctan
1Mathtex
Jun 17, 2026
Jan 24, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.
CVE-2023-51887
1Ctan
1Mathtex
Jun 17, 2026
Jan 24, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.
CVE-2023-51886
1Ctan
1Mathtex
Jun 17, 2026
Jan 24, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.
CVE-2023-51885
1Ctan
1Mathtex
Jun 17, 2026
Jan 24, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.