CVE-2024-32152
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Ankitects Anki 24.04
Anki - https://apps.ankiweb.net/
CVSSv3 score: 3.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-184 - Incomplete Blacklist
Anki is an open-source program that helps with memorization of information through the use of flash cards. It supports syncing of these cards across multiple computers as well as sharing cards with other users. It supports multiple different content types such as images, audio, videos, and scientific notation (via LaTeX).
Anki offers users the option to publicly share their decks, and using shared decks is normal behaviour; there are no warnings or checks in place to prevent using cards from someone else. A malicious user could share a deck to trigger the following vulnerability.
Anki uses LaTeX to render images or other TeX output in the flashcards. Some TeX commands allow things that should not be possible from a card, such as reading or writing files. This requires a TeX distribution such as MiKTeX to be installed, as suggested by Anki's documentation. Anki uses a blocklist to prevent these commands from being called. The blocklist can be bypassed with TeX's ^^xx notation, which denotes a character by its two-digit hex code.
Anki uses the following code to block dangerous commands from being called:
for bad in (
    "\\write18",
    "\\readline",
    "\\input",
    "\\include",
    "\\catcode",
    "\\openout",
    "\\write",
    "\\loop",
    "\\def",
    "\\shipout",
):
    # don't mind if the sequence is only part of a command
    # the pattern is matched against the raw card text (tmplatex),
    # i.e. before TeX has decoded any ^^xx escapes
    bad_re = f"\\{bad}[^a-zA-Z]"
    if re.search(bad_re, tmplatex):
        return col.tr.media_for_security_reasons_is_not(val=bad)
Replacing one character of a blocked command with its ^^xx hex form gets past this check, because the regex is applied to the raw text while TeX decodes the escape when it tokenizes the input. For example:
\documentclass[12pt]{article}
\special{papersize=3in,5in}
\usepackage[utf8]{inputenc}
\usepackage{amssymb,amsmath}
\pagestyle{empty}
\setlength{\parindent}{0in}
\begin{document}
\newwrite\outfile
\immediate\openou^^74\outfile=evil.txt
\wri^^74e\outfile{Hello, world!}
\closeout\outfile
An attacker using this bypass can create a file with arbitrary content in the application's temp directory (/tmp/anki/ on Linux and c:\Users\<Username>\AppData\Local\Temp\anki_temp\ on Windows).
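A hardening check for the gap described above, written as an added example (not Anki's own code or the vendor's patch): it reduces TeX's ^^ escapes the way TeX's tokenizer does before running the same blocklist regexes, so the hex-escaped command is matched. The BAD_COMMANDS tuple is the advisory's list; the function names, the decode parameter and the sample card text are this example's own assumptions.

```python
import re

# Blocklist as quoted in the advisory from the Anki 24.04 check.
BAD_COMMANDS = (
    "\\write18", "\\readline", "\\input", "\\include", "\\catcode",
    "\\openout", "\\write", "\\loop", "\\def", "\\shipout",
)
HEX_DIGITS = "0123456789abcdef"  # TeX accepts only lowercase hex after ^^

def decode_caret_escapes(src: str) -> str:
    """Reduce TeX's ^^ escapes the way its tokenizer does, so the checked text
    is what TeX will actually tokenize. ^^xx (two lowercase hex digits) is the
    character with that code; ^^c (any other character with code < 128) is c
    with bit 0x40 flipped, e.g. ^^M is carriage return. As in TeX, the produced
    character is re-examined, so escapes are reduced left to right."""
    i = 0
    while i < len(src):
        if src.startswith("^^", i):
            if i + 3 < len(src) and src[i + 2] in HEX_DIGITS and src[i + 3] in HEX_DIGITS:
                ch, width = chr(int(src[i + 2:i + 4], 16)), 4
            elif i + 2 < len(src) and ord(src[i + 2]) < 128:
                ch, width = chr(ord(src[i + 2]) ^ 0x40), 3
            else:
                i += 1
                continue
            src = src[:i] + ch + src[i + width:]
            continue  # rescan at i: the new character may start another escape
        i += 1
    return src

def blocked_command(latex: str, decode: bool = True):
    """Return the first blocklisted command found, or None. decode=False is
    the advisory's original check, which only sees the raw text; decode=True
    runs the same regexes over the ^^-decoded text as well, so
    '\\openou^^74' is matched as '\\openout'."""
    texts = [latex, decode_caret_escapes(latex)] if decode else [latex]
    for text in texts:
        for bad in BAD_COMMANDS:
            # Anki's pattern: the command followed by a non-letter
            if re.search("\\" + bad + "[^a-zA-Z]", text):
                return bad
    return None

# Constructed sample mirroring the advisory's card body.
SAMPLE = "\\newwrite\\outfile\n\\immediate\\openou^^74\\outfile=evil.txt\n"

if __name__ == "__main__":
    print(blocked_command(SAMPLE, decode=False))  # None: the raw check is bypassed
    print(blocked_command(SAMPLE))                # \openout
```

Decoding closes the ^^ vector the advisory describes, but the result is still a blocklist, which is the weakness class (CWE-184) the advisory names.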
2024-05-27 - Vendor Disclosure
2024-06-24 - Vendor Patch Release
2024-07-22 - Public Release
Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B.