| Summary: | <media-libs/t1lib-5.1.2-r1: Multiple Vulnerabilities (CVE-2010-2642,CVE-2011-{0433,0764,1552,1553,1554,5244}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alexanderyt, fonts |
| Priority: | Normal | Flags: | kensington: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/43491/ | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | =media-libs/t1lib-5.1.2-r1 | | |
| Runtime testing required: | --- | | |

Description
Paweł Hajdan, Jr. (RETIRED)
2011-03-13 09:17:07 UTC
CVE-2011-1554 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1554): Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.

CVE-2011-1553 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1553): Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.

CVE-2011-1552 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1552): t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

CVE-2011-0764 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0764): t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

CVE-2011-0433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0433): Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

CVE-2011-5244 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5244): Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.

*** Bug 444161 has been marked as a duplicate of this bug. ***

@ Maintainer(s): I submitted a PR which addresses the reported issues. Please review/comment, accept/decline: https://github.com/gentoo/gentoo/pull/2906

Merged: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0730b1f650e3914fc18814f3a5f6901896b8119

@fonts, ready for stable?

@arches, please stabilize: =media-libs/t1lib-5.1.2-r1

amd64 stable

x86 stable

Stable on alpha.

arm stable

ppc stable

ppc64 stable

Stable for HPPA.

sparc stable

ia64 stable.

Maintainer(s), please cleanup.

cleanup complete: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13bf7cb0ff00807c17eeefce4c12fbad5ad4f0b1

New GLSA request filed.

This issue was resolved and addressed in GLSA 201701-57 at https://security.gentoo.org/glsa/201701-57 by GLSA coordinator Aaron Bauman (b-man).