Description
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4299
Mailing List, Third Party Advisory x_refsource_misc
https://lists.debian.org/debian-security-announce/2018/msg00230.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3788-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3788-2/
Scores
CVSS v3
7.8
EPSS
0.0136
EPSS Percentile
80.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (7)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
debian/debian_linux
8.0
debian/debian_linux
9.0
tug/tex_live
< 2018-09-21
Published
Sep 23, 2018
Tracked Since
Feb 18, 2026