CVE-2024-43426
moderate-risk
Published 2024-11-07
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
Do I need to act?
-
0.91% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (2)
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=2304254
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=461194
34
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
3/34 · Minimal
Exposure
5/34 · Minimal