CVE-2023-46051 : TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/touni

TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.

Published 2024-03-27 00:00:00

Updated 2024-11-29 15:15:16

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-46051

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-46051

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-46051

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	1.8	1.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-29
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2023-46051

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-46051

http://seclists.org/fulldisclosure/2024/Jan/68

Full Disclosure: null pointer deference in tex-live
https://tug.org/pipermail/tex-live/2023-August/049406.html

Possible SEGV (null pointer dereferene) in tounicode.c - tex-live mailing list - TeX Users Group

Jump to

Vulnerability Details : CVE-2023-46051

Products affected by CVE-2023-46051

Exploit prediction scoring system (EPSS) score for CVE-2023-46051

CVSS scores for CVE-2023-46051

CWE ids for CVE-2023-46051

References for CVE-2023-46051