PT-2011-1032 · Tex Live · Texlive-2007
Published: 2011-01-07 · Updated: 2022-05-23
CVE-2011-1552
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
t1lib versions 5.1.2 and earlier
texlive-debuginfo-2007 version 2007
texlive-dviutils-2007 version 2007
texlive-context-2007 version 2007
texlive-utils-2007 version 2007
texlive-2007 version 2007
texlive-xetex-2007 version 2007
texlive-dvips-2007 version 2007
mendexk-2.6e version 2.6e
texlive-latex-2007 version 2007
texlive-afm-2007 version 2007
kpathsea-2007 version 2007
kpathsea-devel-2007 version 2007
texlive-east-asian-2007 version 2007
Description
This issue covers multiple vulnerabilities in various packages, including t1lib, texlive-debuginfo-2007, texlive-dviutils-2007, texlive-context-2007, texlive-utils-2007, texlive-2007, texlive-xetex-2007, texlive-dvips-2007, mendexk-2.6e, texlive-latex-2007, texlive-afm-2007, kpathsea-2007, kpathsea-devel-2007, and texlive-east-asian-2007. These vulnerabilities can compromise the confidentiality, integrity, and availability of protected information, and they can be exploited remotely. In t1lib, the vulnerability allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document.
Recommendations
For t1lib versions 5.1.2 and earlier, consider updating to a version later than 5.1.2.
For texlive-debuginfo-2007 version 2007, update to a newer version of the package.
For texlive-dviutils-2007 version 2007, update to a newer version of the package.
For texlive-context-2007 version 2007, update to a newer version of the package.
For texlive-utils-2007 version 2007, update to a newer version of the package.
For texlive-2007 version 2007, update to a newer version of the package.
For texlive-xetex-2007 version 2007, update to a newer version of the package.
For texlive-dvips-2007 version 2007, update to a newer version of the package.
For mendexk-2.6e version 2.6e, update to a version later than 2.6e.
For texlive-latex-2007 version 2007, update to a newer version of the package.
For texlive-afm-2007 version 2007, update to a newer version of the package.
For kpathsea-2007 version 2007, update to a newer version of the package.
For kpathsea-devel-2007 version 2007, update to a newer version of the package.
For texlive-east-asian-2007 version 2007, update to a newer version of the package.
Fix
DoS
Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Suse
Kpathsea-2007
Kpathsea-Devel-2007
Mendexk-2.6E
T1Lib
Texlive-2007
Texlive-Afm-2007
Texlive-Context-2007
Texlive-Debuginfo-2007
Texlive-Dvips-2007
Texlive-Dviutils-2007
Texlive-East-Asian-2007
Texlive-Latex-2007
Texlive-Utils-2007
Texlive-Xetex-2007