CVE-2011-1400

medium

Published 2011-03-25 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

6.8

Description

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

Ubuntu Affected 2 releases

Version	Status	Fixed in
10.10	Affected	—
10.04	Affected	—

Debian Mixed 6 releases

Version	Status	Fixed in
trixie	Fixed	`2.09`
sid	Fixed	`2.09`
forky	Fixed	`2.09`
bullseye	Fixed	`2.09`
bookworm	Fixed	`2.09`
—	Affected	—

Application impact

Vendor	Product	Versions
debian	tex-common	`0.1`
debian	tex-common	`0.2`
debian	tex-common	`0.3`
debian	tex-common	`0.4`
debian	tex-common	`0.5`
debian	tex-common	`0.6`
debian	tex-common	`0.7`
debian	tex-common	`0.8`
debian	tex-common	`0.9`
debian	tex-common	`0.10`
debian	tex-common	`0.11`
debian	tex-common	`0.12`
debian	tex-common	`0.13`
debian	tex-common	`0.14`
debian	tex-common	`0.15`
debian	tex-common	`0.16`
debian	tex-common	`0.17`
debian	tex-common	`0.18`
debian	tex-common	`0.19`
debian	tex-common	`0.20`
debian	tex-common	`0.21`
debian	tex-common	`0.22`
debian	tex-common	`0.23`
debian	tex-common	`0.24`
debian	tex-common	`0.25`
debian	tex-common	`0.26`
debian	tex-common	`0.27`
debian	tex-common	`0.28`
debian	tex-common	`0.29`
debian	tex-common	`0.30`
debian	tex-common	`0.31`
debian	tex-common	`0.32`
debian	tex-common	`0.33`
debian	tex-common	`0.34`
debian	tex-common	`0.35`
debian	tex-common	`0.36`
debian	tex-common	`0.37`
debian	tex-common	`0.38`
debian	tex-common	`0.39`
debian	tex-common	`0.40`
debian	tex-common	`0.41`
debian	tex-common	`0.42`
debian	tex-common	`0.43`
debian	tex-common	`0.44`
debian	tex-common	`1.0`
debian	tex-common	`1.1`
debian	tex-common	`1.2`
debian	tex-common	`1.3`
debian	tex-common	`1.4`
debian	tex-common	`1.5`
debian	tex-common	`1.6`
debian	tex-common	`1.7`
debian	tex-common	`1.8`
debian	tex-common	`1.9`
debian	tex-common	`1.10`
debian	tex-common	`1.11`
debian	tex-common	`1.11.1`
debian	tex-common	`1.11.2`
debian	tex-common	`1.11.3`
debian	tex-common	`1.12`
debian	tex-common	`1.13`
debian	tex-common	`1.14`
debian	tex-common	`1.15`
debian	tex-common	`1.16`
debian	tex-common	`1.17`
debian	tex-common	`1.18`
debian	tex-common	`1.19`
debian	tex-common	`1.20`
debian	tex-common	`2.00`
debian	tex-common	`2.01`
debian	tex-common	`2.02`
debian	tex-common	`2.03`
debian	tex-common	`2.04`
debian	tex-common	`2.05`
debian	tex-common	`2.06`
debian	tex-common	`2.07`
debian	tex-common	`2.08`

References

CWEs

CWE-16

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.