Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2012-048
HistoryMar 04, 2012 - 4:08 p.m.

Medium: texlive

2012-03-0416:08:00
alas.aws.amazon.com
19

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.278 Low

EPSS

Percentile

96.8%

JSON

Issue Overview:

TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:

Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause a TeX Live utility to crash. (CVE-2011-1552)

Affected Packages:

texlive

Issue Correction:
Run yum update texlive to update your system.

New Packages:

i686:  
    texlive-dviutils-2007-57.9.amzn1.i686  
    kpathsea-2007-57.9.amzn1.i686  
    texlive-context-2007-57.9.amzn1.i686  
    texlive-afm-2007-57.9.amzn1.i686  
    mendexk-2.6e-57.9.amzn1.i686  
    texlive-xetex-2007-57.9.amzn1.i686  
    texlive-east-asian-2007-57.9.amzn1.i686  
    texlive-debuginfo-2007-57.9.amzn1.i686  
    texlive-utils-2007-57.9.amzn1.i686  
    texlive-dvips-2007-57.9.amzn1.i686  
    texlive-latex-2007-57.9.amzn1.i686  
    kpathsea-devel-2007-57.9.amzn1.i686  
    texlive-2007-57.9.amzn1.i686  
  
src:  
    texlive-2007-57.9.amzn1.src  
  
x86_64:  
    texlive-dvips-2007-57.9.amzn1.x86_64  
    mendexk-2.6e-57.9.amzn1.x86_64  
    texlive-2007-57.9.amzn1.x86_64  
    kpathsea-2007-57.9.amzn1.x86_64  
    texlive-debuginfo-2007-57.9.amzn1.x86_64  
    texlive-context-2007-57.9.amzn1.x86_64  
    texlive-afm-2007-57.9.amzn1.x86_64  
    texlive-latex-2007-57.9.amzn1.x86_64  
    texlive-utils-2007-57.9.amzn1.x86_64  
    texlive-xetex-2007-57.9.amzn1.x86_64  
    texlive-east-asian-2007-57.9.amzn1.x86_64  
    texlive-dviutils-2007-57.9.amzn1.x86_64  
    kpathsea-devel-2007-57.9.amzn1.x86_64

Additional References

Red Hat: CVE-2010-2642, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554

Mitre: CVE-2010-2642, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686texlive-dviutils< 2007-57.9.amzn1texlive-dviutils-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686kpathsea< 2007-57.9.amzn1kpathsea-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686texlive-context< 2007-57.9.amzn1texlive-context-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686texlive-afm< 2007-57.9.amzn1texlive-afm-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686mendexk< 2.6e-57.9.amzn1mendexk-2.6e-57.9.amzn1.i686.rpm
Amazon Linux1i686texlive-xetex< 2007-57.9.amzn1texlive-xetex-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686texlive-east-asian< 2007-57.9.amzn1texlive-east-asian-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686texlive-debuginfo< 2007-57.9.amzn1texlive-debuginfo-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686texlive-utils< 2007-57.9.amzn1texlive-utils-2007-57.9.amzn1.i686.rpm
Amazon Linux1i686texlive-dvips< 2007-57.9.amzn1texlive-dvips-2007-57.9.amzn1.i686.rpm
Rows per page:
1-10 of 261

Related

nessus 52
openvas 55
centos 3
osv 2
debian 2
oraclelinux 4
fedora 4
redhat 4
amazon 1
slackware 1
ubuntu 4
securityvulns 4
gentoo 2
cve 7
nvd 7
ubuntucve 7
prion 7
cvelist 7
debiancve 7
veracode 6
cbl_mariner 2
cert 1
nessus
nessus
Oracle Linux 6 : texlive (ELSA-2012-0137)
2013-07-12 00:00:00
CentOS 6 : t1lib (CESA-2012:0062)
2012-01-31 00:00:00
Mandriva Linux Security Advisory : t1lib (MDVSA-2012:004)
2012-01-13 00:00:00
openvas
openvas
RedHat Update for texlive RHSA-2012:0137-01
2012-07-09 00:00:00
Oracle: Security Advisory (ELSA-2012-0137)
2015-10-06 00:00:00
CentOS Update for kpathsea CESA-2012:0137 centos6
2012-07-30 00:00:00
centos
centos
t1lib security update
2012-01-30 20:25:25
kpathsea, mendexk, texlive security update
2012-02-16 13:36:55
tetex security update
2012-08-23 23:12:26
osv
osv
t1lib - several
2012-01-14 00:00:00
evince - several
2011-12-03 00:00:00
debian
debian
[SECURITY] [DSA 2388-1] t1lib security update
2012-01-15 10:25:21
[SECURITY] [DSA 2357-1] evince security update
2011-12-04 10:54:13
oraclelinux
oraclelinux
texlive security update
2012-02-15 00:00:00
t1lib security update
2012-01-24 00:00:00
tetex security update
2012-08-23 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: t1lib-5.1.2-9.fc16
2012-01-28 03:23:39
[SECURITY] Fedora 15 Update: t1lib-5.1.2-9.fc15
2012-01-28 03:28:44
[SECURITY] Fedora 14 Update: evince-2.32.0-3.fc14
2011-01-08 21:26:09
redhat
redhat
(RHSA-2012:0062) Moderate: t1lib security update
2012-01-24 00:00:00
(RHSA-2012:0137) Moderate: texlive security update
2012-02-15 00:00:00
(RHSA-2012:1201) Moderate: tetex security update
2012-08-23 00:00:00
amazon
amazon
Medium: t1lib
2012-02-02 14:26:00
slackware
slackware
[slackware-security] t1lib
2012-08-16 06:32:38
ubuntu
ubuntu
t1lib vulnerabilities
2012-01-19 00:00:00
t1lib vulnerability
2011-12-21 00:00:00
Evince vulnerability
2012-01-25 00:00:00
securityvulns
securityvulns
t1lib / xpdf library multiple security vulnerabilities
2012-01-16 00:00:00
TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution
2011-03-29 00:00:00
[USN-1035-1] Evince vulnerabilities
2011-01-07 00:00:00
gentoo
gentoo
T1Lib: : Multiple vulnerabilities
2017-01-23 00:00:00
Evince: Multiple vulnerabilities
2011-11-20 00:00:00
cve
cve
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:48
CVE-2011-1553
2011-03-31 23:55:00
nvd
nvd
CVE-2011-1553
2011-03-31 23:55:00
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:48
ubuntucve
ubuntucve
CVE-2011-0433
2012-01-13 00:00:00
CVE-2011-1554
2011-03-31 00:00:00
CVE-2011-1553
2011-03-31 00:00:00
prion
prion
Heap overflow
2012-11-19 12:10:00
Integer overflow
2011-03-31 23:55:00
Design/Logic Flaw
2011-03-31 23:55:00
cvelist
cvelist
CVE-2011-0433
2012-11-19 11:00:00
CVE-2011-1554
2011-03-31 23:00:00
CVE-2011-1552
2011-03-31 23:00:00
debiancve
debiancve
CVE-2011-1553
2011-03-31 23:55:00
CVE-2011-1554
2011-03-31 23:55:00
CVE-2011-0433
2012-11-19 12:10:48
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:07:02
Denial Of Service (DoS)
2020-04-10 01:07:01
Denial Of Service (DoS)
2020-04-10 01:07:02
cbl_mariner
cbl_mariner
CVE-2010-2642 affecting package t1lib 5.1.2-28
2024-07-01 09:08:36
CVE-2011-0433 affecting package t1lib 5.1.2-28
2024-07-01 09:08:36
cert
cert
Foolabs Xpdf contains a denial of service vulnerability
2011-03-21 00:00:00

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.278 Low

EPSS

Percentile

96.8%

JSON
Related for ALAS-2012-048
nessus52openvas55centos3osv2debian2oraclelinux4fedora4redhat4amazon1slackware1ubuntu4securityvulns4gentoo2cve7nvd7ubuntucve7prion7cvelist7debiancve7veracode6cbl_mariner2cert1