Foolabs Xpdf contains a denial of service vulnerability

Overview

Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts.

Description

According to Foolabs: _Xpdf is an open source viewer for Portable Document Format (PDF) files. (These are sometimes also called ‘Acrobat’ files, from the name of Adobe’s PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities. _Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. This vulnerability may allow an attacker to execute arbitrary code.

---

Impact

A remote attacker can cause the device to crash and may be able to execute arbitrary code.

---

Solution

The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib.

To build Xpdf without t1lib, add the “–with-t1-library=no” flag to the
configure command:

./configure --with-t1-library=no …

To double-check, run “xpdf --help”. The “-freetype” option should be
listed, and the “-t1lib” option should NOT be listed. That indicates
that Xpdf was built with FreeType and without t1lib.

With this setting, Xpdf will use FreeType instead of t1lib to rasterize
Type 1 fonts. With recent versions of FreeType, the Type 1 quality is
as good or better than t1lib, so this should not present any problems.

---

Vendor Information

376500

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

xpdf __ Affected

Notified: February 23, 2011 Updated: February 25, 2011

Status

Affected

Vendor Statement

The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib.

To build Xpdf without t1lib, add the “–with-t1-library=no” flag to the
configure command:

./configure --with-t1-library=no …

To double-check, run “xpdf --help”. The “-freetype” option should be
listed, and the “-t1lib” option should NOT be listed. That indicates
that Xpdf was built with FreeType and without t1lib.

With this setting, Xpdf will use FreeType instead of t1lib to rasterize
Type 1 fonts. With recent versions of FreeType, the Type 1 quality is
as good or better than t1lib, so this should not present any problems.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Updated: March 21, 2011

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project Unknown

Updated: March 21, 2011

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD Unknown

Updated: March 21, 2011

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Updated: March 21, 2011

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Unknown

Updated: March 21, 2011

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

<http://www.toucan-system.eu/advisories/tssa-2011-01.txt&gt;

Acknowledgements

Thanks to Jonathan Brossard for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs:	CVE-2011-0764
Severity Metric:	0.06 Date Public: