Several security issues were fixed in KaTeX.
Software Description:
- node-katex: JavaScript library for TeX math rendering
Details:
Juho Forsén discovered that KaTeX did not correctly handle certain
inputs, which could lead to an infinite loop. If a user or application
were tricked into opening a specially crafted file, an attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS. (CVE-2024-28243)
Tobias S. Fink discovered that KaTeX did not correctly block certain
URL protocols. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS.
(CVE-2024-28246)
It was discovered that KaTeX did not correctly handle certain inputs. If
a user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LT...
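Both issue classes above (runaway expansion and URL protocol checks) argue for rendering untrusted TeX with restrictive options in addition to updating the package. The following is an added example, not part of this notice or of the KaTeX project; it assumes KaTeX's documented `trust` callback (called with `{command, url, protocol}`) and its `maxExpand` and `maxSize` options, and treats the `_relative` pseudo-protocol for relative URLs as an assumption.

```javascript
// Added example: render-time hardening for KaTeX when the TeX source is
// untrusted. Updating is the fix; these options only limit the blast radius.
// Assumed KaTeX option names: `trust` (boolean or callback receiving
// {command, url, protocol}), `maxExpand`, `maxSize`.

// Weak configuration: every \href / \url / \includegraphics target is
// trusted, so the library's own protocol check is the only thing between
// the input and the DOM.
const weakOptions = { trust: true };

// Protocols a math renderer has any business emitting. Relative URLs are
// reported by KaTeX as the pseudo-protocol "_relative" (assumption).
const ALLOWED_PROTOCOLS = new Set(["http", "https", "mailto", "_relative"]);

// Commands allowed to carry a URL at all; \includegraphics and the HTML
// extension commands are deliberately left out.
const ALLOWED_COMMANDS = new Set(["\\href", "\\url"]);

// Allow-list callback: it decides on its own, so a miss in the library's
// protocol detection does not silently become "trusted". Case and
// whitespace are normalised before the lookup.
function trustUrl(context) {
  if (!context || typeof context.protocol !== "string") return false;
  const protocol = context.protocol.trim().toLowerCase();
  if (!ALLOWED_PROTOCOLS.has(protocol)) return false;
  return ALLOWED_COMMANDS.has(context.command);
}

// Hardened configuration for katex.render / katex.renderToString.
const hardenedOptions = {
  trust: trustUrl,
  maxExpand: 100, // cap macro expansions; bounds runaway \def/\edef loops
  maxSize: 100,   // cap em-based sizes so one expression cannot blow up layout
};

// Usage: katex.renderToString(untrustedTex, hardenedOptions);
```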
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
Ubuntu 24.10
katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7572-1
CVE-2024-28243, CVE-2024-28245, CVE-2024-28246, CVE-2025-23207