Vulnerability Note VU#376500
Foolabs Xpdf contains a denial of service vulnerability
Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts.
According to Foolabs: Xpdf is an open source viewer for Portable Document Format (PDF) files. (These are sometimes also called 'Acrobat' files, from the name of Adobe's PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities. Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. This vulnerability may allow an attacker to execute arbitrary code.
A remote attacker can cause the device to crash and may be able to execute arbitrary code.
The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib.
To build Xpdf without t1lib, add the "--with-t1-library=no" flag to the
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|xpdf||Affected||23 Feb 2011||25 Feb 2011|
|Debian GNU/Linux||Unknown||-||21 Mar 2011|
|FreeBSD Project||Unknown||-||21 Mar 2011|
|NetBSD||Unknown||-||21 Mar 2011|
|SUSE Linux||Unknown||-||21 Mar 2011|
|Ubuntu||Unknown||-||21 Mar 2011|
CVSS Metrics (Learn More)
Thanks to Jonathan Brossard for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2011-0764
- Date Public: 21 Mar 2011
- Date First Published: 21 Mar 2011
- Date Last Updated: 05 Apr 2011
- Severity Metric: 0.06
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.