Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-2388-1 t1lib -- several vulnerabilities

Related Vulnerabilities: CVE-2010-2642   CVE-2011-0433   CVE-2011-0764   CVE-2011-1552   CVE-2011-1553   CVE-2011-1554  

Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts. CVE-2010-2642 A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0433 Another heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0764 An invalid pointer dereference allows execution of arbitrary code using crafted Type 1 fonts. CVE-2011-1552 Another invalid pointer dereference results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1553 A use-after-free vulnerability results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1554 An off-by-one error results in an invalid memory read and application crash, triggered by crafted Type 1 fonts. For the oldstable distribution (lenny), this problem has been fixed in version 5.1.2-3+lenny1. For the stable distribution (squeeze), this problem has been fixed in version 5.1.2-3+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 5.1.2-3.4. For the unstable distribution (sid), this problem has been fixed in version 5.1.2-3.4. We recommend that you upgrade your t1lib packages.

Source

Debian Security Advisory

DSA-2388-1 t1lib -- several vulnerabilities

Date Reported:
14 Jan 2012
Affected Packages:
t1lib
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 652996.
In Mitre's CVE dictionary: CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554.
More information:

Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.

  • CVE-2010-2642

    A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code.

  • CVE-2011-0433

    Another heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code.

  • CVE-2011-0764

    An invalid pointer dereference allows execution of arbitrary code using crafted Type 1 fonts.

  • CVE-2011-1552

    Another invalid pointer dereference results in an application crash, triggered by crafted Type 1 fonts.

  • CVE-2011-1553

    A use-after-free vulnerability results in an application crash, triggered by crafted Type 1 fonts.

  • CVE-2011-1554

    An off-by-one error results in an invalid memory read and application crash, triggered by crafted Type 1 fonts.

For the oldstable distribution (lenny), this problem has been fixed in version 5.1.2-3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 5.1.2-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 5.1.2-3.4.

For the unstable distribution (sid), this problem has been fixed in version 5.1.2-3.4.

We recommend that you upgrade your t1lib packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started