Bug#909317: texlive-bin: buffer overflow (DSA-4299-1)
Source: texlive-bin
Version: 2016.20160513.41080.dfsg-2
Severity: grave
Tags: patch security upstream fixed-upstream
Control: fixed -1 2016.20160513.41080.dfsg-2+deb9u1
Control: fixed -1 2018.20180907.48586-2
Filling for tracking of the issue fixed in DSA-4299-1, CVE assignment
is pending.
Nick Roessler from the University of Pennsylvania has found a buffer overflow
in texlive-bin, the executables for TexLive, the popular distribution of TeX
document production system.
This buffer overflow can be used for arbitrary code execution by crafting a
special type1 font (.pfb) and provide it to users running pdf(la)tex, dvips or
luatex in a way that the font is loaded.
https://lists.debian.org/debian-security-announce/2018/msg00230.html
Regards,
Salvatore
Reply to: