PT-2011-1031 · Tex Live · Texlive-Dvips
Jonathan Brossard · Published 2011-01-07 · Updated 2022-05-23 · CVE-2011-0764
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
texlive-debuginfo-2007 versions 2007
texlive-dviutils-2007 versions 2007
texlive-context-2007 versions 2007
texlive-utils-2007 versions 2007
texlive-2007 versions 2007
t1lib versions 5.1.2 and earlier
texlive-xetex-2007 versions 2007
mendexk-2.6e versions 2.6e
texlive-dvips-2007 versions 2007
texlive-latex-2007 versions 2007
texlive-afm-2007 versions 2007
kpathsea-2007 versions 2007
kpathsea-devel-2007 versions 2007
texlive-east-asian-2007 versions 2007
Description
Multiple vulnerabilities in various texlive and t1lib packages can compromise the confidentiality, integrity, and availability of protected information. They can be exploited remotely and affect various operating systems, including CentOS and Red Hat Enterprise Linux. Exploitation can result in the execution of arbitrary code via a crafted Type 1 font in a PDF document.
Recommendations
For texlive-debuginfo-2007 version 2007, update to a newer version.
For texlive-dviutils-2007 version 2007, update to a newer version.
For texlive-context-2007 version 2007, update to a newer version.
For texlive-utils-2007 version 2007, update to a newer version.
For texlive-2007 version 2007, update to a newer version.
For t1lib version 5.1.2 and earlier, update to a newer version.
For texlive-xetex-2007 version 2007, update to a newer version.
For mendexk-2.6e version 2.6e, update to a newer version.
For texlive-dvips-2007 version 2007, update to a newer version.
For texlive-latex-2007 version 2007, update to a newer version.
For texlive-afm-2007 version 2007, update to a newer version.
For kpathsea-2007 version 2007, update to a newer version.
For kpathsea-devel-2007 version 2007, update to a newer version.
For texlive-east-asian-2007 version 2007, update to a newer version.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
CentOS
Red Hat
SUSE
Kpathsea
Kpathsea-Devel
T1Lib
Tex Live
Texlive-Afm
Texlive-Context
Texlive-Debuginfo
Texlive-Dvips
Texlive-Dviutils
Texlive-East-Asian
Texlive-Latex
Texlive-Utils
Texlive-Xetex