Juho Forsén discovered that KaTeX did not correctly handle certain inputs, which could lead to an infinite loop. If a user or application were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-28243) Tobias S. Fink discovered that KaTeX did not correctly block certain URL protocols. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-28246) It was discovered that KaTeX did not correctly handle certain inputs. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-28245) Sean Ng discovered that KaTeX did not correctly handle certain inputs. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-23207)
Continue reading...
Continue reading...
