PublicDateAtUSN: 2011-03-31
Candidate: CVE-2011-0764
PublicDate: 2011-03-31 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
 http://www.toucan-system.com/advisories/tssa-2011-01.txt
 https://ubuntu.com/security/notices/USN-1316-1
Description:
 t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other
 products, uses an invalid pointer in conjunction with a dereference
 operation, which allows remote attackers to execute arbitrary code via a
 crafted Type 1 font in a PDF document, as demonstrated by
 testz.2184122398.pdf.
Ubuntu-Description:
Notes:
 mdeslaur> xpdf in natty is now built with the poppler engine
 mdeslaur> xpdf in earlier releases seems to use system t1lib
 jdstrand> requested reproducers from report on 2011-10-13
Bugs:
Priority: medium
Discovered-by: Jonathan Brossard
Assigned-to: tyhicks
CVSS: 

Patches_t1lib:
upstream_t1lib: released (5.1.2-3.3)
dapper_t1lib: ignored (reached end-of-life)
hardy_t1lib: ignored (reached end-of-life)
karmic_t1lib: ignored (reached end-of-life)
lucid_t1lib: released (5.1.2-3ubuntu0.10.04.1)
maverick_t1lib: released (5.1.2-3ubuntu0.10.10.1)
natty_t1lib: released (5.1.2-3ubuntu0.11.04.1)
oneiric_t1lib: released (5.1.2-3ubuntu0.11.10.1)
devel_t1lib: released (5.1.2-3ubuntu3)