[manjaro-security] [ASA-201812-4] texlive-bin: arbitrary code execution
Jelle van der Waa
jelle at archlinux.org
Tue Dec 11 18:12:39 CET 2018
Arch Linux Security Advisory ASA-201812-4
=========================================
Severity: High
Date : 2018-12-08
CVE-ID : CVE-2018-17407
Package : texlive-bin
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-770
Summary
=======
The package texlive-bin before version 2018.48691-1 is vulnerable to
arbitrary code execution.
Resolution
==========
Upgrade to 2018.48691-1.
# pacman -Syu "texlive-bin>=2018.48691-1"
The problem has been fixed upstream in version 2018.48691.
Workaround
==========
None.
Description
===========
An issue was discovered in t1_check_unusual_charstring functions in
writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the
handling of Type 1 fonts allows arbitrary code execution when a
malicious font is loaded by one of the vulnerable tools: pdflatex,
pdftex, dvips, or luatex.
Impact
======
A local attacker can execute arbitrary code via a crafted font.
References
==========
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
https://github.com/TeX-Live/texlive-source/commit/f1211fe16c19af8fee54146ae116e4e5c779e8b4
https://security.archlinux.org/CVE-2018-17407
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20181211/5cc99575/attachment.sig>
More information about the manjaro-security
mailing list