An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d.
References
Link | Resource |
---|---|
http://www.dessci.com/en/dl/ | Product Vendor Advisory |
https://drive.google.com/open?id=1qrHKzDA1daHh0mM2T8FRybL8we-mHRW9 | Exploit Third Party Advisory |
http://www.dessci.com/en/dl/ | Product Vendor Advisory |
https://drive.google.com/open?id=1qrHKzDA1daHh0mM2T8FRybL8we-mHRW9 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.dessci.com/en/dl/ - Product, Vendor Advisory | |
References | () https://drive.google.com/open?id=1qrHKzDA1daHh0mM2T8FRybL8we-mHRW9 - Exploit, Third Party Advisory |
27 May 2021, 19:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wiris:mathtype:6.9c:*:*:*:*:*:*:* |
Information
Published : 2018-02-28 05:29
Updated : 2024-11-21 04:11
NVD link : CVE-2018-6641
Mitre link : CVE-2018-6641
CVE.ORG link : CVE-2018-6641
JSON object : View
Products Affected
wiris
- mathtype
CWE
CWE-416
Use After Free