CVE-2019-18604

9.8 CRITICAL

📋 TL;DR

axohelp (part of axodraw2) mishandles sprintf calls, which can lead to a buffer overflow. It affects systems using TeXLive and other TeX distributions that ship vulnerable versions of axodraw2. Attackers could potentially execute arbitrary code or cause denial of service.

💻 Affected Systems

Products:
  • axodraw2
  • TeXLive
  • Other TeX distributions containing axodraw2
Versions: axodraw2 versions before 2.1.1b, axohelp versions before 1.3
Operating Systems: Linux, Unix-like systems, Windows (through TeX distributions)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any system with vulnerable TeXLive or other TeX distributions installed, particularly those processing LaTeX documents with axodraw2 graphics.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with full system compromise, allowing attackers to take complete control of affected systems.

🟠 Likely Case: Denial of service through application crashes or limited code execution in constrained environments.

🟢 If Mitigated: Minimal impact if systems are properly segmented, have exploit mitigations enabled, and don't process untrusted input.

🌐 Internet-Facing: MEDIUM - While the vulnerability is severe, TeX-related tools are typically not directly internet-facing, reducing exposure.
🏢 Internal Only: MEDIUM - Internal systems running vulnerable TeX distributions could be compromised through malicious documents or automated processing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Buffer overflow vulnerabilities in sprintf functions are well-understood attack vectors, but specific exploit development would require understanding the vulnerable code paths.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: axodraw2 2.1.1b or later, axohelp 1.3 or later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html

Restart Required: No

Instructions:

1. Update TeXLive to version 2019 or later.
2. For standalone installations, update axodraw2 to version 2.1.1b or later.
3. Verify the fix by checking version numbers.

🔧 Temporary Workarounds

Remove vulnerable components (linux)

Uninstall or disable axodraw2 and axohelp if not required

# Debian/Ubuntu
sudo apt remove texlive-pictures texlive-latex-extra
# RHEL/CentOS/Fedora
sudo yum remove texlive-axodraw2

Input validation (all)

Implement strict input validation for LaTeX documents processed by vulnerable systems

🧯 If You Can't Patch

  • Network segmentation: Isolate systems running vulnerable TeX distributions from critical networks
  • Implement strict access controls: Limit who can submit documents for processing and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check installed axodraw2 version: locate axodraw2.sty and check file contents for version information

Check Version:

grep 'ProvidesPackage{axodraw2}' "$(kpsewhich axodraw2.sty)" | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+[a-z]*'

Verify Fix Applied:

Verify axodraw2 version is 2.1.1b or later and axohelp version is 1.3 or later
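
One way to script the "2.1.1b or later" / "1.3 or later" comparison, as an added example that is not part of the original advisory or the axodraw2 project. It assumes a letter suffix sorts after the bare release (2.1.1 < 2.1.1a < 2.1.1b); `version_at_least`, `sty_version` and `report` are hypothetical helper names, and the sample `.sty` line and axohelp version are constructed.

```shell
#!/bin/sh
# Added example: compare an installed version against the fixed releases named above.
# Assumption: a letter suffix sorts after the bare release (2.1.1 < 2.1.1a < 2.1.1b).
FIXED_AXODRAW2=2.1.1b
FIXED_AXOHELP=1.3

# version_at_least HAVE WANT (hypothetical helper)
# exit 0: HAVE >= WANT, 1: HAVE is older, 2: a version string could not be parsed
version_at_least() {
    awk -v have="$1" -v want="$2" '
    # Turn "2.1.1b" into a fixed-width, string-sortable key; "" if malformed.
    function key(v,    n, p, sfx) {
        sub(/^v/, "", v)
        if (v !~ /^[0-9]+\.[0-9]+(\.[0-9]+)?[a-z]*$/) return ""
        sfx = v; sub(/^[0-9.]+/, "", sfx)      # trailing letters, if any
        sub(/[a-z]*$/, "", v)                  # numeric part only
        n = split(v, p, ".")
        return sprintf("%06d.%06d.%06d%s", p[1], p[2], (n > 2 ? p[3] : 0), sfx)
    }
    BEGIN {
        h = key(have); w = key(want)
        if (h == "" || w == "") exit 2
        exit ((h >= w) ? 0 : 1)
    }'
}

# sty_version: read a .sty file on stdin and print the first N.N.N[letter]
# version on its ProvidesPackage line (same pattern as the grep above).
sty_version() {
    grep 'ProvidesPackage{axodraw2}' | grep -oE '[0-9]+\.[0-9]+\.[0-9]+[a-z]*' | head -n 1
}

# report NAME HAVE WANT: print a one-line verdict for a component.
report() {
    rc=0; version_at_least "$2" "$3" || rc=$?
    case $rc in
        0) echo "$1 $2: at or above fixed release $3" ;;
        1) echo "$1 $2: older than fixed release $3" ;;
        *) echo "$1: could not parse version '$2'" ;;
    esac
}

# Demo on constructed input; on a real host feed the installed file instead:
#   report axodraw2 "$(sty_version < "$(kpsewhich axodraw2.sty)")" "$FIXED_AXODRAW2"
sample='\ProvidesPackage{axodraw2}[2018/02/15 v2.1.1]'   # constructed sample line
report axodraw2 "$(printf '%s\n' "$sample" | sty_version)" "$FIXED_AXODRAW2"
report axohelp 1.3 "$FIXED_AXOHELP"                      # constructed axohelp version
```

A plain numeric comparison would treat 2.1.1 and 2.1.1b as equal, which is why the suffix is compared explicitly.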

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or abnormal termination of LaTeX processing tools
  • Unexpected process creation from tex-related binaries

Network Indicators:

  • Unusual network connections originating from TeX processing systems

SIEM Query:

process_name: (pdflatex, latex, tex, axohelp) AND (event_type: crash OR exit_code: 139)
