Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1553 to the following vulnerability:

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553
[2] http://www.securityfocus.com/archive/1/archive/1/517205/100/0/threaded
[3] http://www.toucan-system.com/advisories/tssa-2011-01.txt
[4] http://www.foolabs.com/xpdf/download.html
[5] http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
[6] http://www.kb.cert.org/vuls/id/376500
[7] http://securitytracker.com/id?1025266
[8] http://secunia.com/advisories/43823
[9] http://www.vupen.com/english/advisories/2011/0728

Created t1lib tracking bugs for this issue
  Affects: epel-5 [bug 679734]
  Affects: fedora-all [bug 772899]

This issue has been addressed in following products:
  Red Hat Enterprise Linux 6
Via RHSA-2012:0062 https://rhn.redhat.com/errata/RHSA-2012-0062.html

t1lib-5.0.2-2 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
t1lib-5.1.1-9.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
t1lib-5.1.2-9.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
t1lib-5.1.2-9.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:
  Red Hat Enterprise Linux 6
Via RHSA-2012:0137 https://rhn.redhat.com/errata/RHSA-2012-0137.html

This issue has been addressed in following products:
  Red Hat Enterprise Linux 5
Via RHSA-2012:1201 https://rhn.redhat.com/errata/RHSA-2012-1201.html