DSA-2388

Executive Summary

Summary
Title	t1lib security update

Informations
Name	DSA-2388	First vendor Publication	2012-01-14
Vendor	Debian	Last vendor Modification	2012-01-14
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.6	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	High
Cvss Expoit Score	4.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts.

CVE-2010-2642 A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code.

CVE-2011-0433 Another heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code.

CVE-2011-0764 An invalid pointer dereference allows execution of arbitrary code using crafted Type 1 fonts.

CVE-2011-1552 Another invalid pointer dereference results in an application crash, triggered by crafted Type 1 fonts.

CVE-2011-1553 A use-after-free vulnerability results in an application crash, triggered by crafted Type 1 fonts.

CVE-2011-1554 An off-by-one error results in an invalid memory read and application crash, triggered by crafted Type 1 fonts.

For the oldstable distribution (lenny), this problem has been fixed in version 5.1.2-3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 5.1.2-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 5.1.2-3.3.

For the unstable distribution (sid), this problem has been fixed in version 5.1.2-3.3.

We recommend that you upgrade your t1lib packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2388

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-399	Resource Management Errors
CWE-189	Numeric Errors
CWE-20	Improper Input Validation

CPE : Common Platform Enumeration

Type	Description	Count
Application	Foolabs Xpdf cpe:/a:foolabs:xpdf:3.02pl5 cpe:/a:foolabs:xpdf:3.02pl4 cpe:/a:foolabs:xpdf:3.02pl3 cpe:/a:foolabs:xpdf:3.02pl2 cpe:/a:foolabs:xpdf:3.02pl1 cpe:/a:foolabs:xpdf:3.02 cpe:/a:foolabs:xpdf:3.01 cpe:/a:foolabs:xpdf:3.00 cpe:/a:foolabs:xpdf:3.0.1 cpe:/a:foolabs:xpdf:2.03 cpe:/a:foolabs:xpdf:2.02 cpe:/a:foolabs:xpdf:2.01 cpe:/a:foolabs:xpdf:2.00 cpe:/a:foolabs:xpdf:1.01 cpe:/a:foolabs:xpdf:1.00a cpe:/a:foolabs:xpdf:1.00 cpe:/a:foolabs:xpdf:0.93c cpe:/a:foolabs:xpdf:0.93b cpe:/a:foolabs:xpdf:0.93a cpe:/a:foolabs:xpdf:0.93 cpe:/a:foolabs:xpdf:0.92e cpe:/a:foolabs:xpdf:0.92d cpe:/a:foolabs:xpdf:0.92c cpe:/a:foolabs:xpdf:0.92b cpe:/a:foolabs:xpdf:0.92a cpe:/a:foolabs:xpdf:0.92 cpe:/a:foolabs:xpdf:0.91c cpe:/a:foolabs:xpdf:0.91b cpe:/a:foolabs:xpdf:0.91a cpe:/a:foolabs:xpdf:0.91 cpe:/a:foolabs:xpdf:0.90 cpe:/a:foolabs:xpdf:0.80 cpe:/a:foolabs:xpdf:0.7a cpe:/a:foolabs:xpdf:0.7 cpe:/a:foolabs:xpdf:0.6 cpe:/a:foolabs:xpdf:0.5a cpe:/a:foolabs:xpdf:0.5 cpe:/a:foolabs:xpdf:0.4 cpe:/a:foolabs:xpdf:0.3 cpe:/a:foolabs:xpdf:0.2	40
Application	Gnome Evince cpe:/a:gnome:evince:-	1
Application	Redhat Evince cpe:/a:redhat:evince:2.32 cpe:/a:redhat:evince:2.31.92 cpe:/a:redhat:evince:2.31.90 cpe:/a:redhat:evince:2.31.6.1 cpe:/a:redhat:evince:2.31.6 cpe:/a:redhat:evince:2.31.4.1 cpe:/a:redhat:evince:2.31.4 cpe:/a:redhat:evince:2.31.2 cpe:/a:redhat:evince:2.31.1 cpe:/a:redhat:evince:2.31 cpe:/a:redhat:evince:2.30.3 cpe:/a:redhat:evince:2.30.2 cpe:/a:redhat:evince:2.30 cpe:/a:redhat:evince:2.29.92 cpe:/a:redhat:evince:2.29 cpe:/a:redhat:evince:2.28 cpe:/a:redhat:evince:2.27 cpe:/a:redhat:evince:2.26 cpe:/a:redhat:evince:2.25 cpe:/a:redhat:evince:2.24 cpe:/a:redhat:evince:2.23 cpe:/a:redhat:evince:2.22 cpe:/a:redhat:evince:2.21 cpe:/a:redhat:evince:2.20 cpe:/a:redhat:evince:2.19 cpe:/a:redhat:evince:0.9 cpe:/a:redhat:evince:0.8 cpe:/a:redhat:evince:0.7 cpe:/a:redhat:evince:0.6 cpe:/a:redhat:evince:0.5 cpe:/a:redhat:evince:0.4 cpe:/a:redhat:evince:0.3 cpe:/a:redhat:evince:0.2 cpe:/a:redhat:evince:0.1	34
Application	t1lib t1lib cpe:/a:t1lib:t1lib:5.1.2 cpe:/a:t1lib:t1lib:5.1.1 cpe:/a:t1lib:t1lib:5.1.0 cpe:/a:t1lib:t1lib:5.0.2 cpe:/a:t1lib:t1lib:5.0.1 cpe:/a:t1lib:t1lib:5.0.0 cpe:/a:t1lib:t1lib:1.3.1 cpe:/a:t1lib:t1lib:1.3 cpe:/a:t1lib:t1lib:1.2 cpe:/a:t1lib:t1lib:1.1.1 cpe:/a:t1lib:t1lib:1.1.0 cpe:/a:t1lib:t1lib:1.0.1 cpe:/a:t1lib:t1lib:1.0 cpe:/a:t1lib:t1lib:0.9.2 cpe:/a:t1lib:t1lib:0.9.1 cpe:/a:t1lib:t1lib:0.9 cpe:/a:t1lib:t1lib:0.8:beta cpe:/a:t1lib:t1lib:0.7:beta cpe:/a:t1lib:t1lib:0.6:beta cpe:/a:t1lib:t1lib:0.5:beta cpe:/a:t1lib:t1lib:0.4:beta cpe:/a:t1lib:t1lib:0.3:beta cpe:/a:t1lib:t1lib:0.2:beta cpe:/a:t1lib:t1lib:0.1:alpha cpe:/a:t1lib:t1lib	25
Application	Tetex Tetex cpe:/a:tetex:tetex:3.0	1
Application	Tug Tetex cpe:/a:tug:tetex:3.0	1

Open Source Vulnerability Database (OSVDB)

id	Description
74729	Evince DVI File AFM Font Parsing Overflow
74528	t1lib PDF Type 1 Font Handling Invalid Memory Write Use-after-free DoS
74527	t1lib PDF Type 1 Font Handling Invalid Memory Location DoS
74526	t1lib PDF Type 1 Font Handling Off-by-one Overflow DoS
72302	t1lib PDF Type 1 Font Handling Invalid Pointer Code Execution
70302	Evince backend/dvi/mdvi-lib/afmparse.c token() Function Overflow

Alert History

If you want to see full details history, please login or register.

Date	Informations
2012-11-19 13:20:02	Multiple Updates

Type	Count
CPE ID(s)	102
osvdb(s)	6

Related	Severity
CVE-2010-2642	(High)
CVE-2011-0764	(Medium)
CVE-2011-0433	(Medium)
CVE-2011-1554	(Medium)
CVE-2011-1553	(Medium)
CVE-2011-1552	(Medium)

Same Subject	Severity
Login to view 17 more Alert(s)

DSA-2388

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU