CVE-2015-5701

Publication date 25 August 2017

Last updated 16 September 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

6.1 · Medium

Score breakdown

Description

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

Read the notes from the security team

Status

Package Ubuntu Release Status
texlive-bin 15.04 vivid
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise
Not affected

Notes

seth-arnold

Debian/Ubuntu never reintroduced this; mktexlsr-use-mktemp patch

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.1 · Medium

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

References

Other references

Access our resources on patching vulnerabilities