CVE-2015-5700

Publication date 25 August 2017

Last updated 21 September 2025

Ubuntu priority

Why this priority?

Cvss 3 Severity Score

Score breakdown

Description

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
texlive-bin	18.04 LTS bionic	Not affected
	17.10 artful	Not affected
	17.04 zesty	Not affected
	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.04 LTS trusty	Fixed 2013.20130729.30972-2ubuntu0.1
	12.04 LTS precise	Not affected

Notes

seth-arnold

See also CVE-2015-5701

mdeslaur

introduced by: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885

Severity score breakdown

Parameter	Value
Base score	6.1 · Medium
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	High
Availability impact	None
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

References

Related Ubuntu Security Notices (USN)

USN-3788-1
Tex Live vulnerabilities
11 October 2018

Other references