Exploiting LaTeX with CVE-2018-17407

This post is about a heap memory corruption vulnerability in TeX Live, the popular distribution of LaTeX. It is tracked by CVE-2018-17407. I couldn’t resist writing an end-to-end exploit for it, so the majority of this writeup demonstrates how the bug can be leveraged for an arbitrary code execution attack when pdflatex is run on […]