{"id":"UBUNTU-CVE-2018-17407","details":"An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.","modified":"2026-02-04T02:57:29.349239Z","published":"2018-09-23T00:00:00Z","related":["USN-3788-1","USN-3788-2"],"upstream":["CVE-2018-17407"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-17407"},{"type":"REPORT","url":"https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c"},{"type":"REPORT","url":"https://lists.debian.org/debian-security-announce/2018/msg00230.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3788-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3788-2"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-17407"}],"affected":[{"package":{"name":"texlive-bin","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/texlive-bin@2013.20130729.30972-2ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2013.20130729.30972-2ubuntu0.1"}]}],"versions":["2013.20130529.30792-1build2","2013.20130729.30972-2","2013.20130729.30972-2build1","2013.20130729.30972-2build2","2013.20130729.30972-2build3"],"ecosystem_specific":{"binaries":[{"binary_name":"libkpathsea-dev","binary_version":"2013.20130729.30972-2ubuntu0.1"},{"binary_name":"libkpathsea6","binary_version":"2013.20130729.30972-2ubuntu0.1"},{"binary_name":"libptexenc-dev","binary_version":"2013.20130729.30972-2ubuntu0.1"},{"binary_name":"libptexenc1","binary_version":"2013.20130729.30972-2ubuntu0.1"},{"binary_name":"texlive-binaries","binary_version":"2013.20130729.30972-2ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-17407.json"}},{"package":{"name":"texlive-bin","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/texlive-bin@2015.20160222.37495-1ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2015.20160222.37495-1ubuntu0.1"}]}],"versions":["2015.20150524.37493-5build1","2015.20150524.37493-7","2015.20150524.37493-7build1","2015.20150524.37493-7build4","2015.20160222.37495-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libkpathsea-dev","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libkpathsea6","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libptexenc-dev","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libptexenc1","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libsynctex-dev","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libsynctex1","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libtexlua52","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libtexlua52-dev","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libtexluajit-dev","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"libtexluajit2","binary_version":"2015.20160222.37495-1ubuntu0.1"},{"binary_name":"texlive-binaries","binary_version":"2015.20160222.37495-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-17407.json"}},{"package":{"name":"texlive-bin","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/texlive-bin@2017.20170613.44572-8ubuntu0.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2017.20170613.44572-8ubuntu0.1"}]}],"versions":["2017.20170613.44572-5build1","2017.20170613.44572-5build2","2017.20170613.44572-6","2017.20170613.44572-6build1","2017.20170613.44572-6ubuntu1","2017.20170613.44572-8build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libkpathsea-dev","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libkpathsea6","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libptexenc-dev","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libptexenc1","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libsynctex-dev","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libsynctex1","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libtexlua52","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libtexlua52-dev","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libtexluajit-dev","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"libtexluajit2","binary_version":"2017.20170613.44572-8ubuntu0.1"},{"binary_name":"texlive-binaries","binary_version":"2017.20170613.44572-8ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-17407.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}