{"id":"CVE-2016-10243","details":"TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.","modified":"2026-04-16T06:16:22.331520891Z","published":"2017-05-02T14:59:00.283Z","related":["SUSE-SU-2024:1203-1","openSUSE-SU-2024:11431-1","openSUSE-SU-2024:11433-1","openSUSE-SU-2024:11434-1","openSUSE-SU-2024:11435-1","openSUSE-SU-2024:11436-1","openSUSE-SU-2024:11437-1","openSUSE-SU-2024:11438-1","openSUSE-SU-2024:11439-1","openSUSE-SU-2024:11440-1","openSUSE-SU-2024:11441-1","openSUSE-SU-2024:11442-1","openSUSE-SU-2024:11443-1","openSUSE-SU-2024:11444-1","openSUSE-SU-2024:11445-1","openSUSE-SU-2024:11446-1","openSUSE-SU-2024:11447-1","openSUSE-SU-2024:11448-1","openSUSE-SU-2024:11449-1","openSUSE-SU-2024:11450-1","openSUSE-SU-2024:11451-1","openSUSE-SU-2024:11452-1","openSUSE-SU-2024:11453-1","openSUSE-SU-2024:11454-1","openSUSE-SU-2024:11455-1","openSUSE-SU-2024:11456-1","openSUSE-SU-2024:11457-1","openSUSE-SU-2024:11458-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96593"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-07"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3803"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/03/05/1"},{"type":"FIX","url":"https://www.tug.org/svn/texlive?view=revision&revision=42605"},{"type":"EVIDENCE","url":"https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"25"}]},{"events":[{"introduced":"0"},{"last_affected":"26"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10243.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}