CVE-2018-17407
published 2018-09-23CVE-2018-17407: An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1…
PriorityP339high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
2.06%
78.9th percentile
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | texlive-bin | < texlive-bin 2018.20180907.48586-2 (bookworm) | texlive-bin 2018.20180907.48586-2 (bookworm) |
| tug | tex_live | < 2018-09-21 | 2018-09-21 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Tex Live-bin vulnerability
vendor_ubuntu·2018-10-23·CVSS 7.8
CVE-2018-17407 [HIGH] Tex Live-bin vulnerability
Title: Tex Live-bin vulnerability
Summary: Several security issues were fixed in Tex Live.
USN-3788-1 fixed vulnerabilities in Tex Live. This update provides
the corresponding update for Ubuntu 18.10
Original advisory details:
It was discovered that Tex Live incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-17407)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Tex Live vulnerabilities
vendor_ubuntu·2018-10-11·CVSS 6.1
CVE-2015-5700 [MEDIUM] Tex Live vulnerabilities
Title: Tex Live vulnerabilities
Summary: Several security issues were fixed in Tex Live.
Jakub Wilk discovered that Tex Live incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-5700)
It was discovered that Tex Live incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-17407)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
vendor_redhat·2018-09-23·CVSS 7.8
CVE-2018-17407 [HIGH] CWE-119 texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Statement: This issue affects the versions of texlive as shipped with Red Hat Enterprise Linux 6 and 7.
Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://
Debian
CVE-2018-17407: texlive-bin - An issue was discovered in t1_check_unusual_charstring functions in writet1.c fi...
vendor_debian·2018·CVSS 7.8
CVE-2018-17407 [HIGH] CVE-2018-17407: texlive-bin - An issue was discovered in t1_check_unusual_charstring functions in writet1.c fi...
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Scope: local
bookworm: resolved (fixed in 2018.20180907.48586-2)
bullseye: resolved (fixed in 2018.20180907.48586-2)
forky: resolved (fixed in 2018.20180907.48586-2)
sid: resolved (fixed in 2018.20180907.48586-2)
trixie: resolved (fixed in 2018.20180907.48586-2)
GHSA
GHSA-g32p-2jpf-2cg9: An issue was discovered in t1_check_unusual_charstring functions in writet1
ghsa_unreviewed·2022-05-14
CVE-2018-17407 [HIGH] CWE-119 GHSA-g32p-2jpf-2cg9: An issue was discovered in t1_check_unusual_charstring functions in writet1
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
OSV
texlive-bin vulnerabilities
osv·2018-10-11·CVSS 6.1
CVE-2015-5700 [MEDIUM] texlive-bin vulnerabilities
texlive-bin vulnerabilities
Jakub Wilk discovered that Tex Live incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-5700)
It was discovered that Tex Live incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-17407)
OSV
CVE-2018-17407: An issue was discovered in t1_check_unusual_charstring functions in writet1
osv·2018-09-23·CVSS 7.8
CVE-2018-17407 [HIGH] CVE-2018-17407: An issue was discovered in t1_check_unusual_charstring functions in writet1
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-17407 texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
bugzilla·2018-09-25·CVSS 7.8
CVE-2018-17407 [HIGH] CVE-2018-17407 texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
CVE-2018-17407 texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
Upstream patch:
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
References:
https://lists.debian.org/debian-security-announce/2018/msg00230.html
Discussion:
Created texlive tracking bugs for this issue:
Affects: fedora-all [bug 1632803]
---
Statement:
This issue affects the versions of texlive as shipped with Red Hat Enterprise Linux 6 and 7.
Red Hat En
Bugzilla
CVE-2018-17407 texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c [fedora-all]
bugzilla·2018-09-25·CVSS 7.8
CVE-2018-17407 [HIGH] CVE-2018-17407 texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c [fedora-all]
CVE-2018-17407 texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4chttps://lists.debian.org/debian-security-announce/2018/msg00230.htmlhttps://usn.ubuntu.com/3788-1/https://usn.ubuntu.com/3788-2/https://www.debian.org/security/2018/dsa-4299https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4chttps://lists.debian.org/debian-security-announce/2018/msg00230.htmlhttps://usn.ubuntu.com/3788-1/https://usn.ubuntu.com/3788-2/https://www.debian.org/security/2018/dsa-4299
2018-09-23
Published