Release date:
Updated on: 2011-12-22
Affected Systems:
Xpdf 3.x
T1lib t1lib
Unaffected Systems:
Xpdf 3.02pl6
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 46941
CVE ID: CVE-2011-0764
Xpdf is an open source PDF viewer. T1lib is a library written in C that is used to generate bitmaps from Adobe Type 1 fonts.
The t1lib library used by Xpdf has a remote code execution vulnerability in its parsing of Type 1 fonts. An attacker who entices a user to open a malicious PDF file in an application that uses the affected library can execute arbitrary code.
<* Source: Jonathan Brossard
Link: http://www.securityfocus.com/archive/1/517205
http://www.kb.cert.org/vuls/id/376500
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
T1lib
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
ftp://sunsite.unc.edu/pub/Linux/libs/graphics