Vulnerability Note VU#376500

Foolabs Xpdf contains a denial of service vulnerability

Original Release date: 21 Mar 2011 | Last revised: 05 Apr 2011

Overview

Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts.

Description

According to Foolabs: Xpdf is an open source viewer for Portable Document Format (PDF) files. (These are sometimes also called 'Acrobat' files, from the name of Adobe's PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities. Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. This vulnerability may allow an attacker to execute arbitrary code.

Impact

A remote attacker can cause the device to crash and may be able to execute arbitrary code.

Solution

The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib.

To build Xpdf without t1lib, add the "--with-t1-library=no" flag to the
configure command:

./configure --with-t1-library=no .....

To double-check, run "xpdf --help". The "-freetype" option should be
listed, and the "-t1lib" option should NOT be listed. That indicates
that Xpdf was built with FreeType and without t1lib.

With this setting, Xpdf will use FreeType instead of t1lib to rasterize
Type 1 fonts. With recent versions of FreeType, the Type 1 quality is
as good or better than t1lib, so this should not present any problems.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
xpdfAffected23 Feb 201125 Feb 2011
Debian GNU/LinuxUnknown-21 Mar 2011
FreeBSD ProjectUnknown-21 Mar 2011
NetBSDUnknown-21 Mar 2011
SUSE LinuxUnknown-21 Mar 2011
UbuntuUnknown-21 Mar 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Jonathan Brossard for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2011-0764
  • Date Public: 21 Mar 2011
  • Date First Published: 21 Mar 2011
  • Date Last Updated: 05 Apr 2011
  • Severity Metric: 0.06
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.