Vulnerability Database

319,702

Total vulnerabilities in the database

CVE-2024-29073

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

Published: Jul 22, 2024
Updated: Nov 5, 2025
CVE: CVE-2024-29073
GHSA: GHSA-x3r6-ccvq-cf5v
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWEs:

CWE-829

Affected Software
References

Software	From	Fixed in
anki	-	24.6
ankiweb / anki	24.04	24.04.x

https://github.com/ankitects/anki/commit/06f7aa393d21d7d5dd8039e15d543b73c3346932
https://github.com/ankitects/anki/pull/3218
https://skerritt.blog/anki-0day
https://skii.dev/anki-0day
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1992

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo