CVE-2011-1553

Priority
Low
Description
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf
before 3.02pl6, teTeX, and other products, allows remote attackers to cause
a denial of service (application crash) via a PDF document containing a
crafted Type 1 font that triggers an invalid memory write, a different
vulnerability than CVE-2011-0764.
References
Bugs
Notes
mdeslaur> xpdf in natty is now built with the poppler engine
mdeslaur> xpdf in earlier releases seems to use system t1lib
Assigned-to
jdstrand
Package
Source: t1lib (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (5.1.2-3ubuntu0.10.04.2)
Ubuntu 11.10 (Oneiric Ocelot): released (5.1.2-3ubuntu0.11.10.2)
Ubuntu 12.04 LTS (Precise Pangolin): released (5.1.2-3.4ubuntu1)
Patches:
Vendor: https://bugzilla.redhat.com/show_bug.cgi?id=692909

Updated: 2012-11-21 17:14:57 UTC (commit 6077)