Is tectonic_xdv affected by CVE-2021-45703?

crates.io tectonic_xdv is affected in <0.1.12.

Is CVE-2021-45703 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 1.2%.

critical

CVE-2021-45703

Q: Is CVE-2021-45703 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 1.2%.

crates.io · tectonic_xdv

Summary

Use of Uninitialized Resource in tectonic_xdv

Severity: critical
EPSS: 1.2% (p64)
Also known as: GHSA-6692-8qqf-79jc, GHSA-qwvx-c8j7-5g75, RUSTSEC-2021-0112
Published: 2022-01-06

References

https://nvd.nist.gov/vuln/detail/CVE-2021-45703
https://github.com/tectonic-typesetting/tectonic/issues/752
https://github.com/tectonic-typesetting/tectonic/commit/cdff034e6d93cdfdafd13d8c6956e22fa5a57b79

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.