CVE-2011-0764

Priority
Medium
Description
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other
products, uses an invalid pointer in conjunction with a dereference
operation, which allows remote attackers to execute arbitrary code via a
crafted Type 1 font in a PDF document, as demonstrated by
testz.2184122398.pdf.
References
Notes
mdeslaur> xpdf in natty is now built with the poppler engine
mdeslaur> xpdf in earlier releases seems to use system t1lib
jdstrand> requested reproducers from report on 2011-10-13
Assigned-to
tyhicks
Package
Source: t1lib (LP Ubuntu Debian)
Upstream: released (5.1.2-3.3)
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (5.1.2-3ubuntu0.10.04.1)
Ubuntu 11.10 (Oneiric Ocelot): released (5.1.2-3ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (5.1.2-3ubuntu3)
More Information


Updated: 2012-11-21 17:14:57 UTC (commit 6077)