Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2018-17407: SUSE Linux Security Advisory

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 09/23/2018
Created: 03/19/2019
Added: 10/05/2018
Modified: 10/22/2021

Description

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.

Solution(s)

  • suse-upgrade-libkpathsea6
  • suse-upgrade-libptexenc1
  • suse-upgrade-libsynctex1
  • suse-upgrade-libtexlua52-5
  • suse-upgrade-libtexluajit2
  • suse-upgrade-perl-biber
  • suse-upgrade-texlive
  • suse-upgrade-texlive-a2ping-bin
  • suse-upgrade-texlive-accfonts-bin
  • suse-upgrade-texlive-adhocfilelist-bin
  • suse-upgrade-texlive-afm2pl-bin
  • suse-upgrade-texlive-aleph-bin
  • suse-upgrade-texlive-amstex-bin
  • suse-upgrade-texlive-arara-bin
  • suse-upgrade-texlive-asymptote-bin
  • suse-upgrade-texlive-authorindex-bin
  • suse-upgrade-texlive-autosp-bin
  • suse-upgrade-texlive-biber-bin
  • suse-upgrade-texlive-bibexport-bin
  • suse-upgrade-texlive-bibtex-bin
  • suse-upgrade-texlive-bibtex8-bin
  • suse-upgrade-texlive-bibtexu-bin
  • suse-upgrade-texlive-bin-devel
  • suse-upgrade-texlive-bundledoc-bin
  • suse-upgrade-texlive-cachepic-bin
  • suse-upgrade-texlive-checkcites-bin
  • suse-upgrade-texlive-checklistings-bin
  • suse-upgrade-texlive-chktex-bin
  • suse-upgrade-texlive-cjk-gs-integrate-bin
  • suse-upgrade-texlive-cjkutils-bin
  • suse-upgrade-texlive-context-bin
  • suse-upgrade-texlive-convbkmk-bin
  • suse-upgrade-texlive-crossrefware-bin
  • suse-upgrade-texlive-cslatex-bin
  • suse-upgrade-texlive-csplain-bin
  • suse-upgrade-texlive-ctanify-bin
  • suse-upgrade-texlive-ctanupload-bin
  • suse-upgrade-texlive-ctie-bin
  • suse-upgrade-texlive-cweb-bin
  • suse-upgrade-texlive-cyrillic-bin-bin
  • suse-upgrade-texlive-de-macro-bin
  • suse-upgrade-texlive-detex-bin
  • suse-upgrade-texlive-diadia-bin
  • suse-upgrade-texlive-dosepsbin-bin
  • suse-upgrade-texlive-dtl-bin
  • suse-upgrade-texlive-dtxgen-bin
  • suse-upgrade-texlive-dviasm-bin
  • suse-upgrade-texlive-dvicopy-bin
  • suse-upgrade-texlive-dvidvi-bin
  • suse-upgrade-texlive-dviinfox-bin
  • suse-upgrade-texlive-dviljk-bin
  • suse-upgrade-texlive-dvipdfmx-bin
  • suse-upgrade-texlive-dvipng-bin
  • suse-upgrade-texlive-dvipos-bin
  • suse-upgrade-texlive-dvips-bin
  • suse-upgrade-texlive-dvisvgm-bin
  • suse-upgrade-texlive-ebong-bin
  • suse-upgrade-texlive-eplain-bin
  • suse-upgrade-texlive-epspdf-bin
  • suse-upgrade-texlive-epstopdf-bin
  • suse-upgrade-texlive-exceltex-bin
  • suse-upgrade-texlive-fig4latex-bin
  • suse-upgrade-texlive-findhyph-bin
  • suse-upgrade-texlive-fontinst-bin
  • suse-upgrade-texlive-fontools-bin
  • suse-upgrade-texlive-fontware-bin
  • suse-upgrade-texlive-fragmaster-bin
  • suse-upgrade-texlive-getmap-bin
  • suse-upgrade-texlive-glossaries-bin
  • suse-upgrade-texlive-gregoriotex-bin
  • suse-upgrade-texlive-gsftopk-bin
  • suse-upgrade-texlive-jadetex-bin
  • suse-upgrade-texlive-kotex-utils-bin
  • suse-upgrade-texlive-kpathsea-bin
  • suse-upgrade-texlive-kpathsea-devel
  • suse-upgrade-texlive-lacheck-bin
  • suse-upgrade-texlive-latex-bin-bin
  • suse-upgrade-texlive-latex-git-log-bin
  • suse-upgrade-texlive-latex-papersize-bin
  • suse-upgrade-texlive-latex2man-bin
  • suse-upgrade-texlive-latex2nemeth-bin
  • suse-upgrade-texlive-latexdiff-bin
  • suse-upgrade-texlive-latexfileversion-bin
  • suse-upgrade-texlive-latexindent-bin
  • suse-upgrade-texlive-latexmk-bin
  • suse-upgrade-texlive-latexpand-bin
  • suse-upgrade-texlive-lcdftypetools-bin
  • suse-upgrade-texlive-lilyglyphs-bin
  • suse-upgrade-texlive-listbib-bin
  • suse-upgrade-texlive-listings-ext-bin
  • suse-upgrade-texlive-lollipop-bin
  • suse-upgrade-texlive-ltxfileinfo-bin
  • suse-upgrade-texlive-ltximg-bin
  • suse-upgrade-texlive-lua2dox-bin
  • suse-upgrade-texlive-luaotfload-bin
  • suse-upgrade-texlive-luatex-bin
  • suse-upgrade-texlive-lwarp-bin
  • suse-upgrade-texlive-m-tx-bin
  • suse-upgrade-texlive-make4ht-bin
  • suse-upgrade-texlive-makedtx-bin
  • suse-upgrade-texlive-makeindex-bin
  • suse-upgrade-texlive-match_parens-bin
  • suse-upgrade-texlive-mathspic-bin
  • suse-upgrade-texlive-metafont-bin
  • suse-upgrade-texlive-metapost-bin
  • suse-upgrade-texlive-mex-bin
  • suse-upgrade-texlive-mf2pt1-bin
  • suse-upgrade-texlive-mflua-bin
  • suse-upgrade-texlive-mfware-bin
  • suse-upgrade-texlive-mkgrkindex-bin
  • suse-upgrade-texlive-mkjobtexmf-bin
  • suse-upgrade-texlive-mkpic-bin
  • suse-upgrade-texlive-mltex-bin
  • suse-upgrade-texlive-mptopdf-bin
  • suse-upgrade-texlive-multibibliography-bin
  • suse-upgrade-texlive-musixtex-bin
  • suse-upgrade-texlive-musixtnt-bin
  • suse-upgrade-texlive-omegaware-bin
  • suse-upgrade-texlive-patgen-bin
  • suse-upgrade-texlive-pax-bin
  • suse-upgrade-texlive-pdfbook2-bin
  • suse-upgrade-texlive-pdfcrop-bin
  • suse-upgrade-texlive-pdfjam-bin
  • suse-upgrade-texlive-pdflatexpicscale-bin
  • suse-upgrade-texlive-pdftex-bin
  • suse-upgrade-texlive-pdftools-bin
  • suse-upgrade-texlive-pdfxup-bin
  • suse-upgrade-texlive-pedigree-perl-bin
  • suse-upgrade-texlive-perltex-bin
  • suse-upgrade-texlive-petri-nets-bin
  • suse-upgrade-texlive-pfarrei-bin
  • suse-upgrade-texlive-pkfix-bin
  • suse-upgrade-texlive-pkfix-helper-bin
  • suse-upgrade-texlive-platex-bin
  • suse-upgrade-texlive-pmx-bin
  • suse-upgrade-texlive-pmxchords-bin
  • suse-upgrade-texlive-ps2pk-bin
  • suse-upgrade-texlive-pst-pdf-bin
  • suse-upgrade-texlive-pst2pdf-bin
  • suse-upgrade-texlive-pstools-bin
  • suse-upgrade-texlive-ptex-bin
  • suse-upgrade-texlive-ptex-fontmaps-bin
  • suse-upgrade-texlive-ptex2pdf-bin
  • suse-upgrade-texlive-ptexenc-devel
  • suse-upgrade-texlive-purifyeps-bin
  • suse-upgrade-texlive-pygmentex-bin
  • suse-upgrade-texlive-pythontex-bin
  • suse-upgrade-texlive-rubik-bin
  • suse-upgrade-texlive-seetexk-bin
  • suse-upgrade-texlive-splitindex-bin
  • suse-upgrade-texlive-srcredact-bin
  • suse-upgrade-texlive-sty2dtx-bin
  • suse-upgrade-texlive-svn-multi-bin
  • suse-upgrade-texlive-synctex-bin
  • suse-upgrade-texlive-synctex-devel
  • suse-upgrade-texlive-tetex-bin
  • suse-upgrade-texlive-tex-bin
  • suse-upgrade-texlive-tex4ebook-bin
  • suse-upgrade-texlive-tex4ht-bin
  • suse-upgrade-texlive-texconfig-bin
  • suse-upgrade-texlive-texcount-bin
  • suse-upgrade-texlive-texdef-bin
  • suse-upgrade-texlive-texdiff-bin
  • suse-upgrade-texlive-texdirflatten-bin
  • suse-upgrade-texlive-texdoc-bin
  • suse-upgrade-texlive-texfot-bin
  • suse-upgrade-texlive-texliveonfly-bin
  • suse-upgrade-texlive-texloganalyser-bin
  • suse-upgrade-texlive-texlua-devel
  • suse-upgrade-texlive-texluajit-devel
  • suse-upgrade-texlive-texosquery-bin
  • suse-upgrade-texlive-texsis-bin
  • suse-upgrade-texlive-texware-bin
  • suse-upgrade-texlive-thumbpdf-bin
  • suse-upgrade-texlive-tie-bin
  • suse-upgrade-texlive-tpic2pdftex-bin
  • suse-upgrade-texlive-ttfutils-bin
  • suse-upgrade-texlive-typeoutfileinfo-bin
  • suse-upgrade-texlive-ulqda-bin
  • suse-upgrade-texlive-uplatex-bin
  • suse-upgrade-texlive-uptex-bin
  • suse-upgrade-texlive-urlbst-bin
  • suse-upgrade-texlive-velthuis-bin
  • suse-upgrade-texlive-vlna-bin
  • suse-upgrade-texlive-vpe-bin
  • suse-upgrade-texlive-web-bin
  • suse-upgrade-texlive-xdvi-bin
  • suse-upgrade-texlive-xetex-bin
  • suse-upgrade-texlive-xmltex-bin
  • suse-upgrade-texlive-yplan-bin
