First published: Tue Jan 24 2012
The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts.

Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash. (CVE-2011-1552)

Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642.

All users of t1lib are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications linked against t1lib must be restarted for this update to take effect.
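The restart requirement above can be checked after the update by looking for processes that still map the replaced library. The following is an added example, not part of the advisory or of Red Hat's tooling; the function name `stale_t1lib_pids`, its `PROC_ROOT` parameter, and the library file names `libt1.so.*` / `libt1x.so.*` are assumptions.

```shell
#!/bin/sh
# stale_t1lib_pids [PROC_ROOT]
#
# Prints "PID COMM" for every process whose memory map still references a
# t1lib shared object that has since been replaced on disk. The kernel marks
# such mappings with a trailing " (deleted)" in /proc/PID/maps, so these are
# the processes still running the pre-update code and needing a restart.
#
# PROC_ROOT defaults to /proc; it is a parameter (an assumption of this
# example) so the function can be run against a constructed directory tree.
stale_t1lib_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unmatched globs, exited processes, and maps we may not read.
        [ -r "$maps" ] || continue
        # Assumed library file names: libt1.so.* and libt1x.so.*
        if grep -Eq '/libt1x?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            comm="?"
            if [ -r "$pid_dir/comm" ]; then
                # comm may be missing on older kernels; keep "?" in that case.
                read -r comm < "$pid_dir/comm" || comm="?"
            fi
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Run as root to see the maps of all users' processes.
stale_t1lib_pids "$@"
```

An empty result means no running process still maps a replaced copy of the library.
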
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/t1lib | <5.1.2-6.el6_2.1 | 5.1.2-6.el6_2.1 |
redhat/t1lib-apps | <5.1.2-6.el6_2.1 | 5.1.2-6.el6_2.1 |
redhat/t1lib-debuginfo | <5.1.2-6.el6_2.1 | 5.1.2-6.el6_2.1 |
redhat/t1lib-devel | <5.1.2-6.el6_2.1 | 5.1.2-6.el6_2.1 |
redhat/t1lib-static | <5.1.2-6.el6_2.1 | 5.1.2-6.el6_2.1 |