LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. Thi

LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs becaus

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overfl

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, wh

The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 an

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a sym

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the te

Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause

Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (applicati

Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remo