CVE-2011-1552

Priority
Low
Description
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other
products, reads from invalid memory locations, which allows remote
attackers to cause a denial of service (application crash) via a crafted
Type 1 font in a PDF document, a different vulnerability than
CVE-2011-0764.
References
Bugs
Notes
mdeslaur> xpdf in natty is now built with the poppler engine
mdeslaur> xpdf in earlier releases seems to use system t1lib
Assigned-to
jdstrand
Package
Source: t1lib (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (5.1.2-3ubuntu0.10.04.2)
Ubuntu 11.10 (Oneiric Ocelot): released (5.1.2-3ubuntu0.11.10.2)
Ubuntu 12.04 LTS (Precise Pangolin): released (5.1.2-3.4ubuntu1)
Patches:
Vendor: https://bugzilla.redhat.com/show_bug.cgi?id=692909

Updated: 2012-11-21 17:14:57 UTC (commit 6077)