CVE-2011-0764

Publication date 31 March 2011

Last updated 24 July 2024

Ubuntu priority

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
t1lib	11.10 oneiric	Fixed 5.1.2-3ubuntu0.11.10.1
	11.04 natty	Fixed 5.1.2-3ubuntu0.11.04.1
	10.10 maverick	Fixed 5.1.2-3ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 5.1.2-3ubuntu0.10.04.1
	9.10 karmic	Ignored
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

xpdf in natty is now built with the poppler engine xpdf in earlier releases seems to use system t1lib

jdstrand

requested reproducers from report on 2011-10-13

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1316-1
t1lib vulnerability
21 December 2011

Other references

http://www.toucan-system.com/advisories/tssa-2011-01.txt
https://www.cve.org/CVERecord?id=CVE-2011-0764