Home / mailingsPDF  

[USN-7985-1] TeX Live vulnerabilities

Posted on 29 January 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7985-1
January 29, 2026

texlive-bin vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in TeX Live.

Software Description:
- texlive-bin: Binaries for TeX Live

Details:

Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly
handled memory when decoding certain data streams. An attacker could
possibly use this issue to cause TeX Live to crash, resulting in a denial
of service, or execute arbitrary code. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24106, CVE-2022-24107)

It was discovered that TeX Live allowed documents to make arbitrary network
requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2023-32668)

It was discovered that TeX Live incorrectly handled certain TrueType fonts.
If a user or automated system were tricked into opening a specially crafted
TrueType font, a remote attacker could use this issue to cause TeX Live to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2024-25262)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
texlive-binaries 2021.20210626.59705-1ubuntu0.3

Ubuntu 20.04 LTS
texlive-binaries 2019.20190605.51237-3ubuntu0.2+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
texlive-binaries 2017.20170613.44572-8ubuntu0.2+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
texlive-binaries 2015.20160222.37495-1ubuntu0.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7985-1
CVE-2022-24106, CVE-2022-24107, CVE-2023-32668, CVE-2024-25262

Package Information:
https://launchpad.net/ubuntu/+source/texlive-bin/2021.20210626.59705-1ubuntu0.3

--===============0309303655417669463==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :