An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
References
Link | Resource |
---|---|
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c | Patch Third Party Advisory |
https://lists.debian.org/debian-security-announce/2018/msg00230.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3788-1/ | Third Party Advisory |
https://usn.ubuntu.com/3788-2/ | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4299 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-23T21:00:00
Updated: 2018-10-24T09:57:01
Reserved: 2018-09-23T00:00:00
Link: CVE-2018-17407
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-23T21:29:00.280
Modified: 2018-11-15T16:11:25.753
Link: CVE-2018-17407
JSON object: View
Redhat Information
No data.
CWE