CVE-2011-1554

Name of the Vulnerable Software and Affected Versions texlive-debuginfo-2007 versions 2007 texlive-dviutils-2007 versions 2007 texlive-context-2007 versions 2007 texlive-utils-2007 versions 2007 texlive-2007 versions 2007 t1lib versions 5.1.2 and earlier texlive-xetex-2007 versions 2007 mendexk-2.6e versions 2.6e texlive-dvips-2007 versions 2007 texlive-latex-2007 versions 2007 texlive-afm-2007 versions 2007 kpathsea-2007 versions 2007 kpathsea-devel-2007 versions 2007 texlive-east-asian-2007 versions 2007

Description The issue is related to multiple vulnerabilities in various packages of the texlive and t1lib software, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are caused by an off-by-one error in t1lib 5.1.2 and earlier, which can lead to a denial of service (application crash) via a crafted Type 1 font.

Recommendations For texlive-debuginfo-2007 version 2007, update to a newer version. For texlive-dviutils-2007 version 2007, update to a newer version. For texlive-context-2007 version 2007, update to a newer version. For texlive-utils-2007 version 2007, update to a newer version. For texlive-2007 version 2007, update to a newer version. For t1lib version 5.1.2 and earlier, update to a newer version. For texlive-xetex-2007 version 2007, update to a newer version. For mendexk-2.6e version 2.6e, update to a newer version. For texlive-dvips-2007 version 2007, update to a newer version. For texlive-latex-2007 version 2007, update to a newer version. For texlive-afm-2007 version 2007, update to a newer version. For kpathsea-2007 version 2007, update to a newer version. For kpathsea-devel-2007 version 2007, update to a newer version. For texlive-east-asian-2007 version 2007, update to a newer version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.