oval:org.secpod.oval:def:1601251
Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user ru ...

oval:org.secpod.oval:def:1601359
TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by ...

oval:org.secpod.oval:def:700732
t1lib: Type 1 font rasterizer library - runtime. t1lib could be made to crash or run programs as your login if it opened a specially crafted font file.

oval:org.secpod.oval:def:700209
Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privilege ...

oval:org.secpod.oval:def:500122
Evince is a document viewer. An array index error was found in the DeVice Independent renderer's PK and VF font file parsers. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user ru ...

oval:org.secpod.oval:def:101194
Evince is a simple multi-page document viewer. It can display and print Portable Document Format, PostScript and Encapsulated PostScript files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks a ...

oval:org.secpod.oval:def:1503333
Updated evince packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ...

oval:org.secpod.oval:def:300393
Multiple vulnerabilities have been found and corrected in evince: Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DV ...

oval:org.secpod.oval:def:101146
Evince is a simple multi-page document viewer. It can display and print Portable Document Format, PostScript and Encapsulated PostScript files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks a ...

oval:org.secpod.oval:def:103394
T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports rotation and transformation, kerning, underlining and antialiasing. It does not depend on X11, but does provide some special functions for X11. AFM-files can be generated from Type 1 font files and font subsetting is possible.

oval:org.secpod.oval:def:600636
Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer: CVE-2010-2640: Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2641: Insufici ...

oval:org.secpod.oval:def:600701
Several vulnerabilities were discovered in t1lib, a PostScript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts. CVE-2010-2642: A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of ...

oval:org.secpod.oval:def:202426
teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two hea ...

oval:org.secpod.oval:def:1300119
Multiple vulnerabilities have been found and corrected in tetex: The Gfx::getPos function in the PDF parser in poppler allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiTy ...

oval:org.secpod.oval:def:103417
T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports rotation and transformation, kerning, underlining and antialiasing. It does not depend on X11, but does provide some special functions for X11. AFM-files can be generated from Type 1 font files and font subsetting is possible.

oval:org.secpod.oval:def:500873
teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two hea ...

oval:org.secpod.oval:def:500711
TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. The texlive packages provide a number of utilities, including dvips. TeX Live embeds a copy of t1lib. The t1lib library allo ...

oval:org.secpod.oval:def:1503684
Updated texlive packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...

oval:org.secpod.oval:def:202228
TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. The texlive packages provide a number of utilities, including dvips. TeX Live embeds a copy of t1lib. The t1lib library allo ...

oval:org.secpod.oval:def:300398
It was discovered that t1lib suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution t1lib has been patched to address this flaw. Packages for 2009.0 are provided as of the Extended Maintenance Program.

oval:org.secpod.oval:def:500736
The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to ...

oval:org.secpod.oval:def:300391
It was discovered that tetex suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution tetex has been patched to address this flaw. Packages for 2009.0 are provided as of the Extended Maintenance Program.

oval:org.secpod.oval:def:1503816
Updated t1lib packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ...

oval:org.secpod.oval:def:202246
The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to ...