USN-7985-1
- Source
- https://ubuntu.com/security/notices/USN-7985-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7985-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7985-1
- Upstream
- Related
- Published
- 2026-01-29T16:39:12.808193Z
- Modified
- 2026-02-02T08:43:42.602116Z
- Summary
- texlive-bin vulnerabilities
- Details
-
Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24106, CVE-2022-24107)
It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-32668)
It was discovered that TeX Live incorrectly handled certain TrueType fonts. If a user or automated system were tricked into opening a specially crafted TrueType font, a remote attacker could use this issue to cause TeX Live to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-25262)
- References
Affected packages
Ubuntu:Pro:16.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2015.20160222.37495-1ubuntu0.1+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2015.20160222.37495-1ubuntu0.1+esm1
Affected versions
2015.*
2015.20150524.37493-5build1
2015.20150524.37493-7
2015.20150524.37493-7build1
2015.20150524.37493-7build4
2015.20160222.37495-1
2015.20160222.37495-1ubuntu0.1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libkpathsea-dev",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libkpathsea6",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libptexenc-dev",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libptexenc1",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libsynctex-dev",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libsynctex1",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libtexlua52",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libtexlua52-dev",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libtexluajit-dev",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "libtexluajit2",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
},
{
"binary_name": "texlive-binaries",
"binary_version": "2015.20160222.37495-1ubuntu0.1+esm1"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-32668",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-25262",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7985-1.json"
Ubuntu:Pro:18.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2017.20170613.44572-8ubuntu0.2+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2017.20170613.44572-8ubuntu0.2+esm1
Affected versions
2017.*
2017.20170613.44572-5build1
2017.20170613.44572-5build2
2017.20170613.44572-6
2017.20170613.44572-6build1
2017.20170613.44572-6ubuntu1
2017.20170613.44572-8build1
2017.20170613.44572-8ubuntu0.1
2017.20170613.44572-8ubuntu0.2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libkpathsea-dev",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libkpathsea6",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libptexenc-dev",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libptexenc1",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libsynctex-dev",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libsynctex1",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libtexlua52",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libtexlua52-dev",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libtexluajit-dev",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "libtexluajit2",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
},
{
"binary_name": "texlive-binaries",
"binary_version": "2017.20170613.44572-8ubuntu0.2+esm1"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2023-32668",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-25262",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7985-1.json"
Ubuntu:Pro:20.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2019.20190605.51237-3ubuntu0.2+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.20190605.51237-3ubuntu0.2+esm1
Affected versions
2019.*
2019.20190605.51237-2build1
2019.20190605.51237-3
2019.20190605.51237-3build1
2019.20190605.51237-3build2
2019.20190605.51237-3ubuntu0.1
2019.20190605.51237-3ubuntu0.2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libkpathsea-dev",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libkpathsea6",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libptexenc-dev",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libptexenc1",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libsynctex-dev",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libsynctex2",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libtexlua53",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libtexlua53-dev",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libtexluajit-dev",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "libtexluajit2",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
},
{
"binary_name": "texlive-binaries",
"binary_version": "2019.20190605.51237-3ubuntu0.2+esm1"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2022-24106",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-24107",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7985-1.json"
Ubuntu:22.04:LTS / texlive-bin
Package
- Name
- texlive-bin
- Purl
- pkg:deb/ubuntu/texlive-bin@2021.20210626.59705-1ubuntu0.3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2021.20210626.59705-1ubuntu0.3
Affected versions
2020.*
2020.20200327.54578-7
2020.20200327.54578-7build1
2021.*
2021.20210626.59705-1
2021.20210626.59705-1build1
2021.20210626.59705-1ubuntu0.1
2021.20210626.59705-1ubuntu0.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libkpathsea-dev",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libkpathsea6",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libptexenc-dev",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libptexenc1",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libsynctex-dev",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libsynctex2",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libtexlua53",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libtexlua53-dev",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libtexluajit-dev",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "libtexluajit2",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
},
{
"binary_name": "texlive-binaries",
"binary_version": "2021.20210626.59705-1ubuntu0.3"
}
]
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2022-24106",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-24107",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7985-1.json"