CVE-2019-18604
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-18604
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18604.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-18604
- Downstream
- Related
- Published
- 2019-10-29T19:15:19Z
- Modified
- 2025-09-16T07:02:51.274362Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
- References
Affected packages
Debian:11 / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/debian/texlive-bin?arch=source
Debian:12 / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/debian/texlive-bin?arch=source
Debian:13 / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/debian/texlive-bin?arch=source
Debian:14 / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/debian/texlive-bin?arch=source
Git / github.com/tex-live/texlive-source
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tex-live/texlive-source
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
build-svn50573
build-svn50687
build-svn50777
build-svn50838
build-svn50882
pretest-build-20190228
pretest-build-20190307
pretest-build-20190312
pretest-build-svn50419
pretest-build-svn50430
svn50904
svn51092
texlive-2018.*
texlive-2018.0
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2019-18604-088a66dc",
"digest": {
"length": 1125.0,
"function_hash": "116146999032278722592872546539831817840"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "CleanupOutput"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-28e32a13",
"digest": {
"length": 88.0,
"function_hash": "120835551869847016785898557085573314633"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "SetLineWidth"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-2a25b194",
"digest": {
"length": 235.0,
"function_hash": "140367242223970718647118027407078874805"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "Bezier"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-2bf648fe",
"digest": {
"length": 178.0,
"function_hash": "211541116227318982450337695070021872732"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "Rectangle"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-4b975700",
"digest": {
"length": 119.0,
"function_hash": "60683288617306485047928209728171496448"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "LineTo"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-4e60fcc0",
"digest": {
"line_hashes": [
"90498590522619657771106611038580063909",
"14517091361270199960485782171583561068",
"174653432312406668177826230122652183386",
"1328168089591693755285642767528759557",
"68253576661153561637811298115343312559",
"20739495190536612422038539647797725868",
"107714870793651680791309614095108016665",
"119754597417260062252716382388687595023",
"316023858701914795654251413577938162488",
"223448645037099358011013625928407544620",
"93874198251033512661561993275636537144",
"233077870278226606338938644086826688239",
"132345221993627304328875179616180369667",
"88892176781124232004333406020405013946",
"225224394789182788883626847544788418813",
"271340375492405332638923032372858134728",
"302974709379436496046478463939769704242",
"188646398205715288176181986612299755391",
"331586792358726950820281492366670572368",
"335109071340338437425880636784895820793",
"204273070081043729934473381608041778129",
"106283183255776127198012570543512929819",
"8554181236378276731660795886808060321",
"61436248661156690207878492046378787229",
"189084332444461119066957476640649492408",
"203267248024234440213014032241193843841",
"286375952544926629078274604624623529793",
"322859305160199193212523100519598460868",
"100909608028635451788397764490611873395",
"220068750210453312753984535238825320381",
"258666009487275808391547445084730896959",
"243799949817106331483010522402986647365",
"72571929794298499257949608165600103397",
"241404867070301280421565349273349502107",
"314652031132056952559571240402168021867",
"78573907877062859772463689559955462341",
"40369465933207798815807610626504903009",
"19653345528701817879634675682126845766",
"240319341402564416107058129481236191298",
"177238861946963262603810609931270117522",
"332603767450950713408001914344028791991",
"271956508556801271049505104280009997735",
"178127693628558193300208981576671251727",
"94896371432531235263555710262873534449",
"311832280499503402948801499601958408050",
"288572068712881299858377595320669474265",
"127962149202190535208006098131554939586",
"188889558858992025675848533310296075319",
"98596018987701065380996717403305876559",
"219180871763904671914146760941164766808",
"202049712347234935683167592558545278839",
"295283978187557669435913363121536589486",
"37427897002281524966637998042345909021",
"244587479094274424700217800574016787730",
"194513804682447655344887766377602596978",
"254606420019198344751507092548867695714",
"21190939760897903895883187654014691712",
"29547715453398630760809604591188182990",
"102476517764405187726053942226962422817",
"28138073472943879710675048915709676087",
"191021497479759386946140028616010730952",
"207206288060089984259418933714343448431",
"243602085151444965525076290902353115862",
"6363859309512170382675206415090910209",
"104280650930109438797239870500755785508",
"233065987760607927550551816236352759619",
"274021787396151104400217715070819038794",
"309826260960441579968761773477116207634",
"51714816923415117942460785178145658419",
"9581850013693382150805141559158151512",
"308695312504956032684202948961871733007",
"47935535788934920638213107223543610923",
"157649791213778848424784327429986114084",
"39098400746068299492301781565880500992",
"144946260307093302420946911170250675228",
"78874289251931491182842932485159188079",
"31156631895769174772984768094098265127",
"317376880332750220660432697314935700563",
"175519479515359958971976604149841268141",
"267472134453886843013980373388386559930",
"254726971677203893139584513983004334289",
"47060986074281677038850756333778089447",
"92768903660205872461477870702210290467",
"70132952656292773567634948470595126470",
"179887109060639115191781455372641147564",
"336649712776769156193966602664356465070",
"108280746378987131316474994218608497750",
"182094757673451228595745161600685448273",
"302545264088779073636486757096530262543",
"158242967596505433785913876538503373366",
"8273760329472952891662322928712053975",
"275933212068434329346231726280502989755",
"150710488946263626054437016584143133748",
"16643876786893807392347814265616721829",
"172062900951902777570754620033087447212",
"269900610676940789166207578200277286820",
"208626400511570851281713807539556426533",
"98989286145974349653054967364131919375",
"336735744901902028002030496540549248641",
"259655422002939217719301252592902446100",
"246423639334341437922347427976521992388",
"237172327126995752551350426269466260549",
"335165076958235489986071716089724632193",
"276103497703247177042447875193976868731",
"134917388529664245161893947990017139957",
"226089040167941104976275477776684400015",
"104846032757305020687639354003730299729",
"222085863694411554695751280296428509675",
"255854211394671235028099239239941918979",
"136026519064335303695757989541849195399",
"194873451320051029640692979003478341066",
"43352652901844035368647278648486198764",
"125466241571737108596091351434002597761",
"168373900347919829299115758288269419232",
"14187058373182660752026993724009138096",
"220089742313069771741470979392729760137",
"223740271218704691044632566568757241873",
"174452069919181409288521917637283554837",
"26334649573029291349946749202902972187",
"10441940388764236526033181584395419004",
"33068557004803088218958073604073363321",
"200376704330070633050642098781133553483",
"212991773666721219520525171900618524052",
"275916209979730042098206172259717358662",
"211385146476847858512153593649076678722",
"293344508270555135347854235560126908107",
"92043277307226922801816174755138972179",
"331185212555685459634440789825663602183",
"141105767553267367042960610783710317404",
"37217465515550349746425891226211037995",
"263328652366710341420504365192454690966",
"44300610468020223030563971080402017566",
"237902847680958740615345449558725869190",
"21502827540896121514721187201054258099",
"183061392657302308898650050218620017154",
"12929687834922705397816420353101884895",
"58771990501842173010686679421931243076",
"166595485853262678189988345535902319627",
"211431349636376210213079764948357788912",
"254255160913283797075211034969245890113",
"271053078223739475699800832996696242166",
"139245548801232706088094644944532728784",
"118520745008492591362273014009008944756",
"199657040951034301564831763957550331818",
"69455017706595586828058287152134607297",
"163931941276028201888437057654442405972",
"255133889843512175394495971579776704756",
"332442238569747619764165468854122249247",
"65576276384841339722051742737518303912",
"300952441715385326898684351107705806558",
"120111494780600346692276244503071213417",
"25213772926065132260296600363232884487",
"138379962327308040566918658880310129830",
"125228813316740010293193684003894116479",
"227320486990512058072450081346749569298",
"18061623932095078584669462992665454433",
"94348115491209017899388829608775164708",
"88623654372722037244066448098502849989",
"87376450120171059935026681258102805458",
"54915645632242927078134027022692331765",
"155239786097997892397494012544883659411",
"178280861553005026576694538315050615024",
"157840505803951023794150926447681585408",
"138282652629383891215777523891359715243",
"123006660505484041588433589635211702741",
"130120792853023180218061102142705419368",
"200451326632124865089628562865957244353",
"270193264385029804837528251219288460456",
"289274819526646075741764202230661276630",
"81364395945160583523362407352378373279",
"11671013320199668433845395639827945084",
"314223246919826747447097091438346197507",
"283164896152504068742128492009298811220",
"112627380097705100694589294980661349954",
"257244068004723209211714143727895637664",
"185739150185459726359850840386389085204",
"127117321054093262078608851246361361172",
"211678106444205832756219370704800485284",
"313334503901147691017419900955341685370",
"321471143385477306264346438218637266815",
"244215267691704438368554540110516993437",
"87580277744811242935283849129713430733",
"209782903477650705913003068605707620688",
"324212827135051679466576441320738789034",
"210227139509315512536880061363971280285",
"121670056522969923920032473046040436657",
"61559929114601079058055129198100218703",
"257244068004723209211714143727895637664",
"185739150185459726359850840386389085204",
"127117321054093262078608851246361361172",
"40107246647772670114589129543485090230",
"212243556019780864485078107470607673339",
"36213059915292066786100692562516242189",
"180370694774417540014013159274220137101",
"319909261398160437178311384194608726759",
"324109506772759856527787990090297979815",
"67816697512333997871737660767774352966",
"11805862050492474193240475819348842531",
"336675377387392389392678472985111546246",
"150020006160902026673435448444891197370",
"228936341258198685709614809245933146693",
"153798073263711097858304683761959996390",
"290675178907239861990654195751152790041",
"284970076612222114812713796515636223700",
"70984519666983405112932073908572779981",
"185439118111837227302794472124509792842",
"278277965259582445776703708474167938396",
"124308170424453391008846760485664533050",
"78794855455546355147625026809544364702",
"316518968688487591124600899248929094170",
"219332414870531677491306866624137873560",
"257244068004723209211714143727895637664",
"124308170424453391008846760485664533050",
"291663933708698341317238675702417357682",
"263153676423446941201035425291842464499",
"138865201277903013263859055572618214355",
"263657889673693539234755264336317566224",
"131950719552415853374974943574196302701",
"128207038652617123199060604763211395364",
"133643634753925485940317574032077647779",
"166205274425897959107416756178279040842",
"267466251493969822057769357965303575458",
"6884154813568407686708585871797504063",
"147384248771160766892105432284315485649",
"334803521932342569193049728988823561468",
"190655678693795016023027408428736211935",
"59220532268208686177377745834752673409",
"195370054285965847287051030036634958499",
"84095917392157169453681950017069538799",
"7436907314074279257516258928984220417",
"25427733854132918823575198187853661323",
"275261048257123377892035511833957093186",
"273581107136542946400206407281298113060",
"330019215099815983016331107650706246755",
"115302127041060975096100305173990464987",
"253817664859787273816499597354388224651",
"166877818761183166435495904706890286655",
"262218391921704215063310262915093928768",
"238633005151259835515275833774889613776",
"314618428633670615463333613564054794863",
"108908674078215652470911591629660783108",
"322090079324500686735515049578529006922",
"266188042532482109840427848238381760585",
"29987415604241062530857565121908874482",
"110585291847834763393427879504515642496",
"148430845584113374922257930745882007719",
"300470973580649301410125794132191363072",
"40798699840919665521875039012205649128",
"242042480488637564869336022728029667607",
"55489560055308407596379726274265312763",
"300242276634757216215074330399845658504"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-4f42ec2e",
"digest": {
"length": 622.0,
"function_hash": "157780983842370800159792074261664080936"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "BezierCircle"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-4ff730a0",
"digest": {
"length": 119.0,
"function_hash": "117919515315006004643626921912359018540"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "MoveTo"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-6b926f1f",
"digest": {
"length": 181.0,
"function_hash": "293558079702424907313843070047986460212"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "SetDashSize"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-73a51ea9",
"digest": {
"length": 326.0,
"function_hash": "125322444721427237988297420194325061605"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "SetColor"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-8810c294",
"digest": {
"length": 3156.0,
"function_hash": "81927397507924608475149752504754799262"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "DoOneObject"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-a6ee67c0",
"digest": {
"length": 166.0,
"function_hash": "144549723308065196623448566035051878456"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "SetBackgroundColor"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-a9be7aca",
"digest": {
"length": 241.0,
"function_hash": "84733563324918022688784074802032030599"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "Triangle"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-acf549e4",
"digest": {
"length": 457.0,
"function_hash": "16098050979914400358671514179385211165"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "SetTransferMatrix"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-c2047170",
"digest": {
"length": 194.0,
"function_hash": "254900791381319363401525987372823450443"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "SetGray"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-d048b26a",
"digest": {
"length": 2216.0,
"function_hash": "161242004542298151341433497762781544268"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "main"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-d456a6ba",
"digest": {
"length": 839.0,
"function_hash": "61493393427096601023821885187692770609"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "ReadInput"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-da622702",
"digest": {
"length": 834.0,
"function_hash": "257938881039830889329390536057744182651"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "ArrowHead"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
},
{
"id": "CVE-2019-18604-dae61588",
"digest": {
"length": 636.0,
"function_hash": "177671348666588303632022001626723422224"
},
"signature_type": "Function",
"target": {
"file": "utils/axodraw2/axodraw2-src/axohelp.c",
"function": "BezierOval"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079"
}
]
}