CVE-2015-5701

Name: CVE-2015-5701
Creator: NVD / NIST
Published: 2017-08-25T18:29:00.903+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.42%

Last modified Jun 17, 2026

CVE-2015-5701 is a vulnerability of currently unknown severity. mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

Metrics

EPSS Probability

0.42%

33.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-59

Affected Software

Vendor	Product	Versions
Tug	Texlive	20100722
Tug	Texlive	20110705
Tug	Texlive	20120701
Tug	Texlive	20130530
Tug	Texlive	20140525

References

http://www.openwall.com/lists/oss-security/2015/07/30/6Mailing List, Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1181167Issue Tracking, Patch, Third Party Advisory
https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885Patch, Vendor Advisory
https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=logVendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/30/6Mailing List, Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1181167Issue Tracking, Patch, Third Party Advisory
https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885Patch, Vendor Advisory
https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=logVendor Advisory

Timeline

Published: Aug 25, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-5701?

How severe is CVE-2015-5701?

Severity scoring for CVE-2015-5701 is pending analysis. The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.

How do I fix CVE-2015-5701?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-5701?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST