CVE-2024-29073

EUVD-2024-2446
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
talosCNA
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
ankiwebanki
24.04
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ankitectsanki
24.4
CNA
Debian logo
Debian Releases
Debian Product
Codename
anki
bullseye
vulnerable
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1992