xpdf Information for VU#376500
Foolabs Xpdf contains a denial of service vulnerability
- Vendor Information Help Date Notified: 23 Feb 2011
- Statement Date:
- Date Updated: 25 Feb 2011
Status
Affected
Vendor Statement
The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib.
To build Xpdf without t1lib, add the "--with-t1-library=no" flag to the
configure command:
./configure --with-t1-library=no .....
To double-check, run "xpdf --help". The "-freetype" option should be
listed, and the "-t1lib" option should NOT be listed. That indicates
that Xpdf was built with FreeType and without t1lib.
With this setting, Xpdf will use FreeType instead of t1lib to rasterize
Type 1 fonts. With recent versions of FreeType, the Type 1 quality is
as good or better than t1lib, so this should not present any problems.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
None
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.