Main Vulnerability Database SB2016082501

SB2016082501 - Input validation error in aalib (Alpine package)

Published: August 25, 2016

Security Bulletin ID SB2016082501

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2011-0764)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=3ce3c4fd596debefbad77328a9b62a39eccf753c
https://git.alpinelinux.org/aports/commit/?id=b6af1e02efe594039707cd882517663d5370f375