Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Ubuntu 22.04 LTS: USN-7572-1 critical: node-katex denial of service

ubuntu
Calendar Grey June 18, 2025
Dist Ubuntu Esm H88
Vulnerabilities within KaTeX pose security concerns for Ubuntu distributions, encompassing potential denial of service and opportunities for malicious code execution.
Several security issues were fixed in KaTeX.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in KaTeX. Software Description: - node-katex: JavaScript library for TeX math rendering Details: Juho Forsén discovered that KaTeX did not correctly handle certain inputs, which could lead to an infinite loop. If a user or application were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-28243) Tobias S. Fink discovered that KaTeX did not correctly block certain URL protocols. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-28246) It was discovered that KaTeX did not correctly handle certain inputs. If a user or system were trick...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service critical code execution ubuntu node-katex

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1 libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1 Ubuntu 24.10 katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1 libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1 Ubuntu 24.04 LTS katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1 Available with Ubuntu Pro libjs-katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7572-1

CVE-2024-28243, CVE-2024-28245, CVE-2024-28246, CVE-2025-23207

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7572-1

Topics%20covered

Topics Covered

security advisory denial of service critical code execution ubuntu node-katex

Package Information

https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.25.04.1 https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.24.10.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here