CVE-2024-43426

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2304254	Permissions Required
https://moodle.org/mod/forum/discuss.php?d=461194	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

05 Aug 2025, 18:33

Type	Values Removed	Values Added
First Time		Moodle Moodle moodle
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2304254 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2304254 - Permissions Required
References	~~() https://moodle.org/mod/forum/discuss.php?d=461194 -~~	() https://moodle.org/mod/forum/discuss.php?d=461194 - Vendor Advisory
CPE		cpe:2.3:a:moodle:moodle::::::::

10 Feb 2025, 23:15

Type	Values Removed	Values Added
CWE		CWE-1287

Information

Published : 2024-11-07 14:15

Updated : 2025-08-05 18:33

NVD link : CVE-2024-43426

Mitre link : CVE-2024-43426

CVE.ORG link : CVE-2024-43426

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-1287

Improper Validation of Specified Type of Input

{"id": "CVE-2024-43426", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-07T14:15:15.510", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304254", "tags": ["Permissions Required"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461194", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1287"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en pdfTeX. Una desinfecci\u00f3n insuficiente en el filtro de notaci\u00f3n TeX result\u00f3 en un riesgo de lectura arbitraria de archivos en sitios donde pdfTeX est\u00e1 disponible, como aquellos con TeX Live instalado."}], "lastModified": "2025-08-05T18:33:37.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7D59EF-3215-477B-8056-B3954A4064D0", "versionEndExcluding": "4.1.12", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D123FB-556C-4602-91CB-ABE6541079F3", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA8C381-9493-42BD-A5EA-7AADFAB68C5E", "versionEndExcluding": "4.3.6", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277E1058-2F00-45DB-8BFC-2628CCC89981", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}