icon

We found results for “

CVE-2024-29073

Good to know:

icon

Date: July 22, 2024

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

Severity Score

Severity Score

Weakness Type (CWE)

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

Top Fix

icon

Upgrade Version

Upgrade to version anki - 24.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us