Buffer overflow on axohelp

Nicolas Waisman nico at semmle.com
Fri Jul 19 11:15:07 CEST 2019


Sorry about that, Karl. Where I looked for a contact, it mentioned this as the
place to report "bugs"; it was not very specific :D, I should have dug
more.

Thanks again
Nico
PS: Please let me know when you have a patch

On Thu, 18 Jul 2019 at 18:12, Karl Berry <karl at freefriends.org> wrote:

>     There is a buffer overflow in the way axohelp handles the .ax1 files.
>
> Thanks for the report. I forwarded it to the axohelp author, John
> Collins.  I expect one of us will fix it soon (in the sources at least),
> one way or another.
>
>     coordinate my disclosure
>
> Well, since you sent the report to a public list instead of our
> "security" list (tlsecurity at tug.org), it is already disclosed. Not that
> I think this particular vulnerability is drop-everything crucial;
> axohelp is rarely used and has no special privileges.
>
> Thanks again. --karl
>
>