Buffer overflow on axohelp

Karl Berry karl at freefriends.org
Thu Jul 18 23:12:08 CEST 2019


    There is a buffer overflow on the way axohelp handle the .ax1 files.

Thanks for the report. I forwarded it to the axohelp author, John
Collins.  I expect one of us will fix it soon (in the sources at least),
one way or another.

    coordinate my disclosure

Well, since you sent the report to a public list instead of our
"security" list (tlsecurity at tug.org), it is already disclosed. Not that
I think this particular vulnerability is drop-everything crucial;
axohelp is rarely used and has no special privileges.

Thanks again. --karl



More information about the tex-live mailing list