{"id":"CVE-2019-18604","details":"In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.","modified":"2026-04-11T17:54:09.871625Z","published":"2019-10-29T19:15:19.703Z","related":["openSUSE-SU-2024:11431-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00033.html"},{"type":"FIX","url":"https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tex-live/texlive-source","events":[{"introduced":"0"},{"fixed":"9216833a3888a4105a18e8c349f65b045ddb1079"}]},{"type":"GIT","repo":"https://github.com/tex-live/texlive-source","events":[{"introduced":"0"},{"fixed":"9216833a3888a4105a18e8c349f65b045ddb1079"}]}],"versions":["build-svn50573","build-svn50687","build-svn50777","build-svn50838","build-svn50882","pretest-build-20190228","pretest-build-20190307","pretest-build-20190312","pretest-build-svn50419","pretest-build-svn50430","svn50904","svn51092","texlive-2018.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T17:54:09Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18604.json","vanir_signatures":[{"id":"CVE-2019-18604-088a66dc","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"CleanupOutput"},"digest":{"function_hash":"116146999032278722592872546539831817840","length":1125},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-28e32a13","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"SetLineWidth"},"digest":{"function_hash":"120835551869847016785898557085573314633","length":88},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-2a25b194","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"Bezier"},"digest":{"function_hash":"140367242223970718647118027407078874805","length":235},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-2bf648fe","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"Rectangle"},"digest":{"function_hash":"211541116227318982450337695070021872732","length":178},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-4b975700","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"LineTo"},"digest":{"function_hash":"60683288617306485047928209728171496448","length":119},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-4e60fcc0","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c"},"digest":{"line_hashes":["90498590522619657771106611038580063909","14517091361270199960485782171583561068","174653432312406668177826230122652183386","1328168089591693755285642767528759557","68253576661153561637811298115343312559","20739495190536612422038539647797725868","107714870793651680791309614095108016665","119754597417260062252716382388687595023","316023858701914795654251413577938162488","223448645037099358011013625928407544620","93874198251033512661561993275636537144","233077870278226606338938644086826688239","132345221993627304328875179616180369667","88892176781124232004333406020405013946","225224394789182788883626847544788418813","271340375492405332638923032372858134728","302974709379436496046478463939769704242","188646398205715288176181986612299755391","331586792358726950820281492366670572368","335109071340338437425880636784895820793","204273070081043729934473381608041778129","106283183255776127198012570543512929819","8554181236378276731660795886808060321","61436248661156690207878492046378787229","189084332444461119066957476640649492408","203267248024234440213014032241193843841","286375952544926629078274604624623529793","322859305160199193212523100519598460868","100909608028635451788397764490611873395","220068750210453312753984535238825320381","258666009487275808391547445084730896959","243799949817106331483010522402986647365","72571929794298499257949608165600103397","241404867070301280421565349273349502107","314652031132056952559571240402168021867","78573907877062859772463689559955462341","40369465933207798815807610626504903009","19653345528701817879634675682126845766","240319341402564416107058129481236191298","177238861946963262603810609931270117522","332603767450950713408001914344028791991","271956508556801271049505104280009997735","178127693628558193300208981576671251727","94896371432531235263555710262873534449","311832280499503402948801499601958408050","288572068712881299858377595320669474265","127962149202190535208006098131554939586","188889558858992025675848533310296075319","98596018987701065380996717403305876559","219180871763904671914146760941164766808","202049712347234935683167592558545278839","295283978187557669435913363121536589486","37427897002281524966637998042345909021","244587479094274424700217800574016787730","194513804682447655344887766377602596978","254606420019198344751507092548867695714","21190939760897903895883187654014691712","29547715453398630760809604591188182990","102476517764405187726053942226962422817","28138073472943879710675048915709676087","191021497479759386946140028616010730952","207206288060089984259418933714343448431","243602085151444965525076290902353115862","6363859309512170382675206415090910209","104280650930109438797239870500755785508","233065987760607927550551816236352759619","274021787396151104400217715070819038794","309826260960441579968761773477116207634","51714816923415117942460785178145658419","9581850013693382150805141559158151512","308695312504956032684202948961871733007","47935535788934920638213107223543610923","157649791213778848424784327429986114084","39098400746068299492301781565880500992","144946260307093302420946911170250675228","78874289251931491182842932485159188079","31156631895769174772984768094098265127","317376880332750220660432697314935700563","175519479515359958971976604149841268141","267472134453886843013980373388386559930","254726971677203893139584513983004334289","47060986074281677038850756333778089447","92768903660205872461477870702210290467","70132952656292773567634948470595126470","179887109060639115191781455372641147564","336649712776769156193966602664356465070","108280746378987131316474994218608497750","182094757673451228595745161600685448273","302545264088779073636486757096530262543","158242967596505433785913876538503373366","8273760329472952891662322928712053975","275933212068434329346231726280502989755","150710488946263626054437016584143133748","16643876786893807392347814265616721829","172062900951902777570754620033087447212","269900610676940789166207578200277286820","208626400511570851281713807539556426533","98989286145974349653054967364131919375","336735744901902028002030496540549248641","259655422002939217719301252592902446100","246423639334341437922347427976521992388","237172327126995752551350426269466260549","335165076958235489986071716089724632193","276103497703247177042447875193976868731","134917388529664245161893947990017139957","226089040167941104976275477776684400015","104846032757305020687639354003730299729","222085863694411554695751280296428509675","255854211394671235028099239239941918979","136026519064335303695757989541849195399","194873451320051029640692979003478341066","43352652901844035368647278648486198764","125466241571737108596091351434002597761","168373900347919829299115758288269419232","14187058373182660752026993724009138096","220089742313069771741470979392729760137","223740271218704691044632566568757241873","174452069919181409288521917637283554837","26334649573029291349946749202902972187","10441940388764236526033181584395419004","33068557004803088218958073604073363321","200376704330070633050642098781133553483","212991773666721219520525171900618524052","275916209979730042098206172259717358662","211385146476847858512153593649076678722","293344508270555135347854235560126908107","92043277307226922801816174755138972179","331185212555685459634440789825663602183","141105767553267367042960610783710317404","37217465515550349746425891226211037995","263328652366710341420504365192454690966","44300610468020223030563971080402017566","237902847680958740615345449558725869190","21502827540896121514721187201054258099","183061392657302308898650050218620017154","12929687834922705397816420353101884895","58771990501842173010686679421931243076","166595485853262678189988345535902319627","211431349636376210213079764948357788912","254255160913283797075211034969245890113","271053078223739475699800832996696242166","139245548801232706088094644944532728784","118520745008492591362273014009008944756","199657040951034301564831763957550331818","69455017706595586828058287152134607297","163931941276028201888437057654442405972","255133889843512175394495971579776704756","332442238569747619764165468854122249247","65576276384841339722051742737518303912","300952441715385326898684351107705806558","120111494780600346692276244503071213417","25213772926065132260296600363232884487","138379962327308040566918658880310129830","125228813316740010293193684003894116479","227320486990512058072450081346749569298","18061623932095078584669462992665454433","94348115491209017899388829608775164708","88623654372722037244066448098502849989","87376450120171059935026681258102805458","54915645632242927078134027022692331765","155239786097997892397494012544883659411","178280861553005026576694538315050615024","157840505803951023794150926447681585408","138282652629383891215777523891359715243","123006660505484041588433589635211702741","130120792853023180218061102142705419368","200451326632124865089628562865957244353","270193264385029804837528251219288460456","289274819526646075741764202230661276630","81364395945160583523362407352378373279","11671013320199668433845395639827945084","314223246919826747447097091438346197507","283164896152504068742128492009298811220","112627380097705100694589294980661349954","257244068004723209211714143727895637664","185739150185459726359850840386389085204","127117321054093262078608851246361361172","211678106444205832756219370704800485284","313334503901147691017419900955341685370","321471143385477306264346438218637266815","244215267691704438368554540110516993437","87580277744811242935283849129713430733","209782903477650705913003068605707620688","324212827135051679466576441320738789034","210227139509315512536880061363971280285","121670056522969923920032473046040436657","61559929114601079058055129198100218703","257244068004723209211714143727895637664","185739150185459726359850840386389085204","127117321054093262078608851246361361172","40107246647772670114589129543485090230","212243556019780864485078107470607673339","36213059915292066786100692562516242189","180370694774417540014013159274220137101","319909261398160437178311384194608726759","324109506772759856527787990090297979815","67816697512333997871737660767774352966","11805862050492474193240475819348842531","336675377387392389392678472985111546246","150020006160902026673435448444891197370","228936341258198685709614809245933146693","153798073263711097858304683761959996390","290675178907239861990654195751152790041","284970076612222114812713796515636223700","70984519666983405112932073908572779981","185439118111837227302794472124509792842","278277965259582445776703708474167938396","124308170424453391008846760485664533050","78794855455546355147625026809544364702","316518968688487591124600899248929094170","219332414870531677491306866624137873560","257244068004723209211714143727895637664","124308170424453391008846760485664533050","291663933708698341317238675702417357682","263153676423446941201035425291842464499","138865201277903013263859055572618214355","263657889673693539234755264336317566224","131950719552415853374974943574196302701","128207038652617123199060604763211395364","133643634753925485940317574032077647779","166205274425897959107416756178279040842","267466251493969822057769357965303575458","6884154813568407686708585871797504063","147384248771160766892105432284315485649","334803521932342569193049728988823561468","190655678693795016023027408428736211935","59220532268208686177377745834752673409","195370054285965847287051030036634958499","84095917392157169453681950017069538799","7436907314074279257516258928984220417","25427733854132918823575198187853661323","275261048257123377892035511833957093186","273581107136542946400206407281298113060","330019215099815983016331107650706246755","115302127041060975096100305173990464987","253817664859787273816499597354388224651","166877818761183166435495904706890286655","262218391921704215063310262915093928768","238633005151259835515275833774889613776","314618428633670615463333613564054794863","108908674078215652470911591629660783108","322090079324500686735515049578529006922","266188042532482109840427848238381760585","29987415604241062530857565121908874482","110585291847834763393427879504515642496","148430845584113374922257930745882007719","300470973580649301410125794132191363072","40798699840919665521875039012205649128","242042480488637564869336022728029667607","55489560055308407596379726274265312763","300242276634757216215074330399845658504"],"threshold":0.9},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Line","signature_version":"v1"},{"id":"CVE-2019-18604-4f42ec2e","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"BezierCircle"},"digest":{"function_hash":"157780983842370800159792074261664080936","length":622},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-4ff730a0","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"MoveTo"},"digest":{"function_hash":"117919515315006004643626921912359018540","length":119},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-6b926f1f","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"SetDashSize"},"digest":{"function_hash":"293558079702424907313843070047986460212","length":181},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-73a51ea9","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"SetColor"},"digest":{"function_hash":"125322444721427237988297420194325061605","length":326},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-8810c294","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"DoOneObject"},"digest":{"function_hash":"81927397507924608475149752504754799262","length":3156},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-a6ee67c0","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"SetBackgroundColor"},"digest":{"function_hash":"144549723308065196623448566035051878456","length":166},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-a9be7aca","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"Triangle"},"digest":{"function_hash":"84733563324918022688784074802032030599","length":241},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-acf549e4","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"SetTransferMatrix"},"digest":{"function_hash":"16098050979914400358671514179385211165","length":457},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-c2047170","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"SetGray"},"digest":{"function_hash":"254900791381319363401525987372823450443","length":194},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-d048b26a","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"main"},"digest":{"function_hash":"161242004542298151341433497762781544268","length":2216},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-d456a6ba","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"ReadInput"},"digest":{"function_hash":"61493393427096601023821885187692770609","length":839},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-da622702","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"ArrowHead"},"digest":{"function_hash":"257938881039830889329390536057744182651","length":834},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"},{"id":"CVE-2019-18604-dae61588","target":{"file":"utils/axodraw2/axodraw2-src/axohelp.c","function":"BezierOval"},"digest":{"function_hash":"177671348666588303632022001626723422224","length":636},"deprecated":false,"source":"https://github.com/tex-live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079","signature_type":"Function","signature_version":"v1"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.1"}]},{"events":[{"introduced":"axohelp.c"},{"fixed":"1.3"}]},{"events":[{"introduced":"axodraw2"},{"fixed":"2.1.1b"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}