
oss-sec mailing list archives
CVE-2018-17407: Tex-Live buffer overflow in handling of Type 1 fonts
From: Nick Roessler <nicholas.e.roessler () gmail com>
Date: Mon, 8 Oct 2018 12:54:34 -0400
Hey all,I wanted to make everyone aware of a security update for TeX Live, a distribution of the TeX document preparation software. A buffer overflow in the handling of Type 1 fonts (.pfb files) allows arbitrary local code execution without privilege escalation when a malicious font is loaded by one of the vulnerable tools (pdflatex, pdftex, luatex, dvips).
The patch was rolled out on Sept 21. See: https://www.debian.org/security/2018/dsa-4299 https://security-tracker.debian.org/tracker/CVE-2018-17407 Thanks, -- Nick
Current thread:
- CVE-2018-17407: Tex-Live buffer overflow in handling of Type 1 fonts Nick Roessler (Oct 08)