CVE-2015-8106 | HackTesting

Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.

References

http://www.openwall.com/lists/oss-security/2015/11/16/3

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html

https://sourceforge.net/p/latex2rtf/code/1244/

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html

https://bugzilla.redhat.com/show_bug.cgi?id=1282492