Threat Advisory

Ratex Parser Flaw Aborts Entire Process on Malformed Input

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in ratex-parser. The overall risk/impact is significant, with affected versions prior to 0.1.11 vulnerable to denial-of-service attacks and potential crashes due to untrusted LaTeX input.

CVE-2026-53530 (CVSS 8.7 — High): The vulnerability is a panic on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice), affecting the ratex-parser component, exploited by an attacker through untrusted LaTeX input, resulting in a hard denial of service for any service that renders untrusted LaTeX.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in ratex-parser. The overall risk/impact is significant, with affected versions prior to 0.1.11 vulnerable to denial-of-service attacks and potential crashes due to untrusted LaTeX input.

CVE-2026-53530 (CVSS 8.7 — High): The vulnerability is a panic on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice), affecting the ratex-parser component, exploited by an attacker through untrusted LaTeX input, resulting in a hard denial of service for any service that renders untrusted LaTeX.[emaillocker id="1283"]

CVE-2026-53531 (CVSS 6.9 — Medium): The vulnerability is an unbounded parser recursion leading to stack overflow, affecting the ratex-parser component, exploited by an attacker through crafted input, potentially causing process abort and resulting in a denial-of-service attack. These vulnerabilities collectively present a significant risk to applications that render untrusted LaTeX through RaTeX. These vulnerabilities collectively present a significant risk to applications that render untrusted LaTeX through RaTeX.

These vulnerabilities collectively present a significant risk to applications that render untrusted LaTeX through RaTeX.

RECOMMENDATION:

We recommend you to update ratex-parser to version 0.1.11.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu