{"id":"UBUNTU-CVE-2019-18604","details":"In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.","modified":"2026-04-22T12:14:39.173714Z","published":"2019-10-29T19:15:00Z","related":["USN-6695-1"],"upstream":["CVE-2019-18604"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-18604"},{"type":"REPORT","url":"https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6695-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-18604"}],"affected":[{"package":{"name":"texlive-bin","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/texlive-bin@2019.20190605.51237-3ubuntu0.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2019.20190605.51237-3ubuntu0.2"}]}],"versions":["2019.20190605.51237-2build1","2019.20190605.51237-3","2019.20190605.51237-3build1","2019.20190605.51237-3build2","2019.20190605.51237-3ubuntu0.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2019.20190605.51237-3ubuntu0.2","binary_name":"libkpathsea6"},{"binary_version":"2019.20190605.51237-3ubuntu0.2","binary_name":"libptexenc1"},{"binary_version":"2019.20190605.51237-3ubuntu0.2","binary_name":"libsynctex2"},{"binary_version":"2019.20190605.51237-3ubuntu0.2","binary_name":"libtexlua53"},{"binary_version":"2019.20190605.51237-3ubuntu0.2","binary_name":"libtexluajit2"},{"binary_version":"2019.20190605.51237-3ubuntu0.2","binary_name":"texlive-binaries"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-18604.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}