CVE-2024-40445

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.

CVSS

No CVSS.

References

Link	Resource
https://github.com/Oefenweb/mimetex/blob/master/mimetex.c#L12414-L12423	Product
https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/	Third Party Advisory Mitigation
https://youtu.be/OII16TteaJw	Broken Link
https://youtu.be/W2KPHFNfgrg	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:ctan:mimetex:*:*:*:*:*:*:*:*

History

23 Jun 2025, 18:33

Type	Values Removed	Values Added
References	~~() https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/ -~~	() https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/ - Third Party Advisory, Mitigation
References	~~() https://youtu.be/OII16TteaJw -~~	() https://youtu.be/OII16TteaJw - Broken Link
References	~~() https://github.com/Oefenweb/mimetex/blob/master/mimetex.c#L12414-L12423 -~~	() https://github.com/Oefenweb/mimetex/blob/master/mimetex.c#L12414-L12423 - Product
References	~~() https://youtu.be/W2KPHFNfgrg -~~	() https://youtu.be/W2KPHFNfgrg - Broken Link
First Time		Ctan Ctan mimetex
CPE		cpe:2.3:a:ctan:mimetex::::::::

30 Apr 2025, 16:15

Type	Values Removed	Values Added
Summary	~~Directory Traversal vulnerability in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted file upload~~	A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.

22 Apr 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-22 14:15

Updated : 2025-06-23 18:33

NVD link : CVE-2024-40445

Mitre link : CVE-2024-40445

JSON object : View

Products Affected

ctan

mimetex

CWE

No CWE.

JSON object

Attach tags to CVE-2024-40445

Attach tags to `CVE-2024-40445`