Duck

**Name of the Vulnerable Software and Affected Versions** Tex Live version 944e257 **Description** The issue is related to a NULL pointer dereference in the `writet1.c` file located in `texk/web2c/pdftexdir`. This occurs when handling a crafted `cmr10.pfb` file. It is noted that the categorization of this issue is disputed, with some considering it a usability problem rather than a security vulnerability. **Recommendations** For Tex Live version 944e257, as a temporary workaround, consider restricting the use of the `writet1.c` function until a patch is available. Additionally, avoid using crafted files such as `cmr10.pfb` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TeX Live version 944e257 **Description** The issue in TeX Live allows a NULL pointer dereference in the `tounicode.c` file, located in `texk/web2c/pdftexdir`. However, it is noted that this issue is disputed and might be categorized as a usability problem rather than a security vulnerability. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For TeX Live version 944e257, at the moment, there is no information about a newer version that contains a fix for this issue.