[manjaro-security] [ASA-201812-4] texlive-bin: arbitrary code execution

Jelle van der Waa jelle at archlinux.org
Tue Dec 11 18:12:39 CET 2018


Arch Linux Security Advisory ASA-201812-4
=========================================

Severity: High
Date    : 2018-12-08
CVE-ID  : CVE-2018-17407
Package : texlive-bin
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-770

Summary
=======

The package texlive-bin before version 2018.48691-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 2018.48691-1.

# pacman -Syu "texlive-bin>=2018.48691-1"

The problem has been fixed upstream in version 2018.48691.

Workaround
==========

None.

Description
===========

An issue was discovered in t1_check_unusual_charstring functions in
writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the
handling of Type 1 fonts allows arbitrary code execution when a
malicious font is loaded by one of the vulnerable tools: pdflatex,
pdftex, dvips, or luatex.

Impact
======

A local attacker can execute arbitrary code via a crafted font.

References
==========

https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
https://github.com/TeX-Live/texlive-source/commit/f1211fe16c19af8fee54146ae116e4e5c779e8b4
https://security.archlinux.org/CVE-2018-17407
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20181211/5cc99575/attachment.sig>


More information about the manjaro-security mailing list