Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 22.04 LTS: USN-7572-1 critical: node-katex denial of service

ubuntu
Calendar Grey June 18, 2025
Dist Ubuntu Esm H88
Vulnerabilities within KaTeX pose security concerns for Ubuntu distributions, encompassing potential denial of service and opportunities for malicious code execution.
Several security issues were fixed in KaTeX.

Summary

Several security issues were fixed in KaTeX.

Software Description:

- node-katex: JavaScript library for TeX math rendering

Details:

Juho Forsén discovered that KaTeX did not correctly handle certain

inputs, which could lead to an infinite loop. If a user or application

were tricked into opening a specially crafted file, an attacker could

possibly use this issue to cause a denial of service. This issue only

affected Ubuntu 22.04 LTS. (CVE-2024-28243)

Tobias S. Fink discovered that KaTeX did not correctly block certain

URL protocols. If a user or system were tricked into opening a specially

crafted file, an attacker could possibly use this issue to execute

arbitrary code. This issue only affected Ubuntu 22.04 LTS.

(CVE-2024-28246)

It was discovered that KaTeX did not correctly handle certain inputs. If

a user or system were tricked into opening a specially crafted file, an

attacker could possibly use this issue to execute arbitrary code. This

issue only affected Ubuntu 22.04 LT...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  katex                           0.16.10+~cs6.1.0-2ubuntu0.25.04.1
  libjs-katex                     0.16.10+~cs6.1.0-2ubuntu0.25.04.1

Ubuntu 24.10
  katex                           0.16.10+~cs6.1.0-2ubuntu0.24.10.1
  libjs-katex                     0.16.10+~cs6.1.0-2ubuntu0.24.10.1

Ubuntu 24.04 LTS
  katex                           0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro
  libjs-katex                     0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  katex                           0.13.11+~cs6.0.0-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libjs-katex                     0.13.11+~cs6.0.0-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7572-1

CVE-2024-28243, CVE-2024-28245, CVE-2024-28246, CVE-2025-23207

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7572-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here