{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-32700", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T15:25:36.342Z", "dateReserved": "2023-05-11T00:00:00", "datePublished": "2023-05-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-04T00:00:00"}, "descriptions": [{"lang": "en", "value": "LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://tug.org/pipermail/tex-live/2023-May/049188.html"}, {"url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"}, {"url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984"}, {"url": "https://tug.org/~mseven/luatex.html"}, {"name": "FEDORA-2023-38094d905c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/"}, {"name": "FEDORA-2023-d261122726", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:36.342Z"}, "title": "CVE Program Container", "references": [{"url": "https://tug.org/pipermail/tex-live/2023-May/049188.html", "tags": ["x_transferred"]}, {"url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0", "tags": ["x_transferred"]}, {"url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984", "tags": ["x_transferred"]}, {"url": "https://tug.org/~mseven/luatex.html", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-38094d905c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/"}, {"name": "FEDORA-2023-d261122726", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:luatex_project:luatex:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CC436A6-682A-42AD-8A48-9DE9DC45DAF4", "versionEndExcluding": "1.16.2", "versionStartIncluding": "1.04", "vulnerable": true}, {"criteria": "cpe:2.3:a:miktex:miktex:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F1F072F-1CC4-4C21-822E-19B37F47DEB0", "versionEndExcluding": "23.5", "versionStartIncluding": "2.9.6300", "vulnerable": true}, {"criteria": "cpe:2.3:a:tug:tex_live:*:*:*:*:*:*:*:*", "matchCriteriaId": "E388AE22-25C9-4F24-90A6-7E5C42EFC224", "versionEndExcluding": "2023", "versionStartIncluding": "2017", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5."}], "id": "CVE-2023-32700", "lastModified": "2023-11-07T04:14:39.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-20T18:15:09.370", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLY43MIRONJSJVNBDFQHQ26MP3JIOB3H/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TF6YXUUFRGBIXIIIEV5SGBJXXT2SMUK5/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://tug.org/~mseven/luatex.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Max Chernoff (mseven@telus.net) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "texlive-7:20180414-29.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "texlive-7:20180414-15.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "texlive-7:20180414-15.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "texlive-7:20180414-15.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "texlive-7:20180414-15.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "texlive-7:20180414-21.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "texlive-7:20180414-21.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "texlive-7:20180414-21.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "texlive-7:20180414-26.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "texlive-9:20200406-26.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-19T00:00:00Z"}, {"advisory": "RHSA-2023:3661", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "texlive-9:20200406-26.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-06-19T00:00:00Z"}], "bugzilla": {"description": "texlive: arbitrary code execution allows document complied with older version", "id": "2208943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208943"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-77", "details": ["LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.", "An arbitrary code execution vulnerability was found in LuaTeX (TeX Live) that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled."], "name": "CVE-2023-32700", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "texlive", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-32700\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32700"], "threat_severity": "Important"}