CVE-2018-17407

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-17407
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17407.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-17407
Downstream
Related
Published
2018-09-23T21:29:00.280Z
Modified
2026-02-05T09:59:49.033712Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in t1checkunusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.

References

Affected packages

Git / github.com/tex-live/texlive-source

Affected ranges

Type
GIT
Repo
https://github.com/tex-live/texlive-source
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6ed0077520e2b0da1fd060c7f88db7b2e6068e4c

Affected versions

texlive-2018.*
texlive-2018.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17407.json"
vanir_signatures 
[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
        "digest": {
            "line_hashes": [
                "9791268591048681484189466533196366941",
                "224486063487720674053331003536961317759",
                "53123805931207764341912960437070621194",
                "46727596619073334453305375206035578971",
                "68478864391820934181172959969828339608"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2018-17407-1430cd7b",
        "deprecated": false,
        "target": {
            "file": "texk/dvipsk/writet1.c"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
        "digest": {
            "line_hashes": [
                "22924009159388201154967308494624661853",
                "224070519679053124323349878276311203529",
                "123390893019550676027322074092248546979",
                "46727596619073334453305375206035578971",
                "68478864391820934181172959969828339608"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2018-17407-34d611c9",
        "deprecated": false,
        "target": {
            "file": "texk/web2c/luatexdir/font/writet1.c"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
        "digest": {
            "function_hash": "212266903493370556945839331844847800932",
            "length": 419.0
        },
        "id": "CVE-2018-17407-71885961",
        "deprecated": false,
        "target": {
            "file": "texk/web2c/pdftexdir/writet1.c",
            "function": "t1_check_unusual_charstring"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
        "digest": {
            "function_hash": "154964959366713946884875089814441253435",
            "length": 375.0
        },
        "id": "CVE-2018-17407-9dde0a3a",
        "deprecated": false,
        "target": {
            "file": "texk/web2c/luatexdir/font/writet1.c",
            "function": "t1_check_unusual_charstring"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
        "digest": {
            "function_hash": "212266903493370556945839331844847800932",
            "length": 419.0
        },
        "id": "CVE-2018-17407-c3e04853",
        "deprecated": false,
        "target": {
            "file": "texk/dvipsk/writet1.c",
            "function": "t1_check_unusual_charstring"
        }
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
        "digest": {
            "line_hashes": [
                "9791268591048681484189466533196366941",
                "224486063487720674053331003536961317759",
                "53123805931207764341912960437070621194",
                "46727596619073334453305375206035578971",
                "68478864391820934181172959969828339608"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2018-17407-cfd68eb4",
        "deprecated": false,
        "target": {
            "file": "texk/web2c/pdftexdir/writet1.c"
        }
    }
]