What is CVE-2024-29073?

CVE-2024-29073 is a medium-severity vulnerability in Ankitects Anki, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 5.3/10. Published 2024-07-22.

How severe is CVE-2024-29073?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-29073 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ankitects Anki

CVE-2024-29073

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specia…

EPSS: 0.026 (86.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

Ankitects Anki — versions 24.04

Weakness classification (CWE)

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere

Public proof-of-concept exploits

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992

Frequently asked questions

What is CVE-2024-29073?: CVE-2024-29073 is a medium-severity vulnerability in Ankitects Anki, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 5.3/10. Published 2024-07-22.
How severe is CVE-2024-29073?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-29073 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.