PT-2011-1033
Published: 2011-01-07 · Updated: 2022-05-23
CVE-2011-1553
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
texlive-debuginfo-2007 versions 2007
texlive-dviutils-2007 versions 2007
texlive-context-2007 versions 2007
texlive-utils-2007 versions 2007
texlive-2007 versions 2007
t1lib versions 5.1.2 and earlier
texlive-xetex-2007 versions 2007
texlive-dvips-2007 versions 2007
texlive-latex-2007 versions 2007
texlive-afm-2007 versions 2007
kpathsea-2007 versions 2007
kpathsea-devel-2007 versions 2007
texlive-east-asian-2007 versions 2007
mendexk-2.6e versions 2.6e
Description
Multiple vulnerabilities in various packages of the texlive and t1lib software can compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely and affect various operating systems, including CentOS and Red Hat Enterprise Linux. Exploitation can cause a denial of service, such as an application crash, via a crafted Type 1 font in a PDF document.
Recommendations
For texlive-debuginfo-2007 version 2007, update to a newer version.
For texlive-dviutils-2007 version 2007, update to a newer version.
For texlive-context-2007 version 2007, update to a newer version.
For texlive-utils-2007 version 2007, update to a newer version.
For texlive-2007 version 2007, update to a newer version.
For t1lib version 5.1.2 and earlier, update to a version later than 5.1.2.
For texlive-xetex-2007 version 2007, update to a newer version.
For texlive-dvips-2007 version 2007, update to a newer version.
For texlive-latex-2007 version 2007, update to a newer version.
For texlive-afm-2007 version 2007, update to a newer version.
For kpathsea-2007 version 2007, update to a newer version.
For kpathsea-devel-2007 version 2007, update to a newer version.
For texlive-east-asian-2007 version 2007, update to a newer version.
For mendexk-2.6e version 2.6e, update to a newer version.
As a temporary workaround, consider disabling the vulnerable functions until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.
Fix
DoS
Buffer Overflow
Affected Products
Alt Linux
Centos
Red Hat
Suse
Kpathsea
Kpathsea-Devel
T1Lib
Tex Live
Texlive-Afm
Texlive-Context
Texlive-Debuginfo
Texlive-Dvips
Texlive-Dviutils
Texlive-East-Asian
Texlive-Latex
Texlive-Utils
Texlive-Xetex