Arbitrary Command Execution in TeX Live via mpost in texmf.cnf

Arbitrary Command Execution in TeX Live via mpost in texmf.cnf

CVE-2016-10243 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

Learn more about our Web Application Penetration Testing UK.