Notified:  February 23, 2011 Updated: February 25, 2011

Status

Affected

Vendor Statement

The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib. To build Xpdf without t1lib, add the "--with-t1-library=no" flag to the configure command: ./configure --with-t1-library=no ..... To double-check, run "xpdf --help". The "-freetype" option should be listed, and the "-t1lib" option should NOT be listed. That indicates that Xpdf was built with FreeType and without t1lib. With this setting, Xpdf will use FreeType instead of t1lib to rasterize Type 1 fonts. With recent versions of FreeType, the Type 1 quality is as good or better than t1lib, so this should not present any problems.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.