CVE-2011-0764

Publication date 31 March 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Read the notes from the security team

Status

Package Ubuntu Release Status
t1lib 11.10 oneiric
Fixed 5.1.2-3ubuntu0.11.10.1
11.04 natty
Fixed 5.1.2-3ubuntu0.11.04.1
10.10 maverick
Fixed 5.1.2-3ubuntu0.10.10.1
10.04 LTS lucid
Fixed 5.1.2-3ubuntu0.10.04.1
9.10 karmic Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life

Notes

mdeslaur

xpdf in natty is now built with the poppler engine xpdf in earlier releases seems to use system t1lib

jdstrand

requested reproducers from report on 2011-10-13

References

Related Ubuntu Security Notices (USN)

Other references