Buffer overflow on axohelp
karl at freefriends.org
Thu Jul 18 23:12:08 CEST 2019
There is a buffer overflow on the way axohelp handle the .ax1 files.
Thanks for the report. I forwarded it to the axohelp author, John
Collins. I expect one of us will fix it soon (in the sources at least),
one way or another.
coordinate my disclosure
Well, since you sent the report to a public list instead of our
"security" list (tlsecurity at tug.org), it is already disclosed. Not that
I think this particular vulnerability is drop-everything crucial;
axohelp is rarely used and has no special privileges.
Thanks again. --karl
More information about the tex-live