CVE-2024-29073 MEDIUM

Vendor Ankitects
Product Anki
Weakness CWE-829 · Inclusion from untrusted sphere
Published July 22, 2024
Last update November 4, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A vulnerability exists in the handling of LaTeX in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

Key dates

02 Disclosure timeline

July 22, 2024 CVE published
November 4, 2025 Record updated
