An issue exists in the t1_check_unusual_charstring functions of the writet1.c files in TeX Live prior to 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Vulnerable Product |
---|
tug tex live |
canonical ubuntu linux 18.10 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 18.04 |
debian debian linux 9.0 |
debian debian linux 8.0 |