CVE-2017-17513

NONE EPSS 66.5%
Published Dec 14, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 14, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.

Threat Intelligence

EPSS Exploit Probability
66.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-74

Affected Products 1

VendorProductVersionRange
tugtex_live* ≤20170524

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.