CVE-2011-0433
Priority
Medium
Description
A heap-based buffer overflow flaw was found in the way AFM font file
parser, used for rendering of DVI files, in GNOME evince document viewer
and other products, processed line tokens from the given input stream.
A remote attacker could provide a DVI file, with embedded specially-crafted
font file, and trick the local user to open it with an application using
the AFM font parser, leading to that particular application crash or,
potentially, arbitrary code execution with the privileges of the user
running the application. Different vulnerability than CVE-2010-2642.
parser, used for rendering of DVI files, in GNOME evince document viewer
and other products, processed line tokens from the given input stream.
A remote attacker could provide a DVI file, with embedded specially-crafted
font file, and trick the local user to open it with an application using
the AFM font parser, leading to that particular application crash or,
potentially, arbitrary code execution with the privileges of the user
running the application. Different vulnerability than CVE-2010-2642.
References
Bugs
Notes
mdeslaur> original patch had an off by one, see second gnome bug
mdeslaur> patch for t1lib in RH bug
jdstrand> 5.1.2-3.4 in Debian claims to have fixed this, but the patch wasn't
applied
mdeslaur> patch for t1lib in RH bug
jdstrand> 5.1.2-3.4 in Debian claims to have fixed this, but the patch wasn't
applied
Assigned-to
jdstrand
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.30.3-0ubuntu1.3) |
| Ubuntu 10.10 (Maverick Meerkat): | released (2.32.0-0ubuntu1.2) |
| Ubuntu 11.04 (Natty Narwhal): | released (2.32.0-0ubuntu12.4) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (3.2.1-0ubuntu2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected |
Patches:
| Upstream: | http://git.gnome.org/browse/evince/patch/?id=439c5070022eab6cef7266aab47f978058012c72 |
| Upstream: | http://git.gnome.org/browse/evince/patch/?id=efadec4ffcdde3373f6f4ca0eaac98dc963c4fd5 |
Package
| Upstream: | pending (5.1.2-3.5) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (5.1.2-3ubuntu0.10.04.2) |
| Ubuntu 10.10 (Maverick Meerkat): | released (5.1.2-3ubuntu0.10.10.2) |
| Ubuntu 11.04 (Natty Narwhal): | released (5.1.2-3ubuntu0.11.04.2) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (5.1.2-3ubuntu0.11.10.2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (5.1.2-3.4ubuntu1) |