Home > Vulnerability Database > CVE-2024-29073

Mend.io Vulnerability Database

CVE-2024-29073

Good to know:

Date: July 22, 2024

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

Severity Score

5.3

Related Resources (9)

Url: https://github.com/ankitects/anki/pull/3218

Url: https://github.com/ankitects/anki/commit/06f7aa393d21d7d5dd8039e15d543b73c3346932

Url: https://skerritt.blog/anki-0day

Url: https://skii.dev/anki-0day

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29073

Url: https://security-tracker.debian.org/tracker/CVE-2024-29073

Url: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992

Url: https://github.com/ankitects/anki

Url: https://www.mend.io/vulnerability-database/CVE-2024-29073

Severity Score

5.3

Weakness Type (CWE)

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

Top Fix

Upgrade Version

Upgrade to version anki - 24.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29073

Good to know:

Date: July 22, 2024

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?