CVE-2024-40445 – A directory traversal vulnerability in forkosh ... (How to Fix)

Q: What is the severity of CVE-2024-40445?

CVE-2024-40445 has a CVSS score of 7.3 (HIGH). A directory traversal vulnerability in forkosh Mime TeX allows attackers on Windows systems to read or append arbitrary files by manipulating input paths. This affects users running Mime TeX versions before 1.77 on Windows, potentially exposing sensitive system files.

📋 TL;DR

A directory traversal vulnerability in forkosh Mime TeX allows attackers on Windows systems to read or append arbitrary files by manipulating input paths. This affects users running Mime TeX versions before 1.77 on Windows, potentially exposing sensitive system files.

💻 Affected Systems

Products:

forkosh Mime TeX

Versions: All versions before 1.77

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Windows systems due to path handling differences. Linux/Unix systems are not vulnerable.

📦 What is this software?

Mimetex by Ctan

View all CVEs affecting Mimetex →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through reading sensitive files (passwords, configuration files) or appending malicious content to critical system files.

🟠

Likely Case

Unauthorized file access leading to information disclosure of sensitive data stored in accessible directories.

🟢

If Mitigated

Limited impact if proper file permissions and input validation are in place, restricting access to non-critical files.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept code and demonstration videos are available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.77

Vendor Advisory: https://github.com/Oefenweb/mimetex

Restart Required: No

Instructions:

1. Download Mime TeX version 1.77 or later from the official repository. 2. Replace the vulnerable mimetex.c file with the patched version. 3. Recompile the application if using source code. 4. Replace the binary if using pre-compiled versions.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation to reject paths containing directory traversal sequences (../, ..\)

Implement input sanitization in application code before passing paths to Mime TeX

File Permission Restriction

windows

Run Mime TeX with minimal file system permissions, restricting access to necessary directories only

Configure application to run under a restricted user account with limited file access

🧯 If You Can't Patch

Isolate the vulnerable system from untrusted networks and users
Implement strict network access controls and monitor for suspicious file access patterns

🔍 How to Verify

Check if Vulnerable:

Check if Mime TeX version is below 1.77 and running on Windows. Review code for vulnerable path handling in mimetex.c lines 12414-12423.

Check Version:

Check the version number in the mimetex.c source file or binary metadata

Verify Fix Applied:

Verify Mime TeX version is 1.77 or later. Test with directory traversal payloads to confirm they are rejected.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns, especially attempts to access files outside expected directories
Failed path traversal attempts in application logs

Network Indicators:

HTTP requests containing directory traversal sequences (../, ..\) to Mime TeX endpoints

SIEM Query:

Search for patterns like '*../*' or '*..\\*' in web request logs targeting Mime TeX endpoints

📊 Metadata

CVE ID: CVE-2024-40445

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-77

EPSS Score: 0.03% exploit probability (9.3th percentile)

Published: April 22, 2025

Last Updated: June 23, 2025

🔗 References

https://github.com/Oefenweb/mimetex/blob/master/mimetex.c#L12414-L12423 Product
https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/ Mitigation,Third Party Advisory
https://youtu.be/OII16TteaJw Broken Link
https://youtu.be/W2KPHFNfgrg Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40445, you might also want to check these: