CVE-2009-2461

EUVD-2009-2456
mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
forkoshmathtex
𝑥
≤ 1.02
forkoshmathtex
1.00
forkoshmathtex
1.01
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mathtex
bookworm
1.03-1.1
fixed
bullseye
1.03-1
fixed
sid
1.03-3
fixed
trixie
1.03-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mathtex
dapper
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578
http://secunia.com/advisories/35816
http://www.ocert.org/advisories/ocert-2009-010.html
http://www.securityfocus.com/archive/1/504919/100/0/threaded
http://www.vupen.com/english/advisories/2009/1875
https://exchange.xforce.ibmcloud.com/vulnerabilities/51797
http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578
http://secunia.com/advisories/35816
http://www.ocert.org/advisories/ocert-2009-010.html
http://www.securityfocus.com/archive/1/504919/100/0/threaded
http://www.vupen.com/english/advisories/2009/1875
https://exchange.xforce.ibmcloud.com/vulnerabilities/51797