LaTeX functionality vulnerability allows arbitrary file creation via malicious flashcards
CVE-2024-32152

4.3MEDIUM

Key Information:

Vendor: Ankitects
Status: Anki
Vendor: CVE Published:; 22 July 2024

What is CVE-2024-32152?

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.

Affected Version(s)

Anki 24.04

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2024
Vulnerability Reserved
May 6, 2024

Credit

Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B.