=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2011/VULN244
_____________________________________________________________________

DATE                      : 23/03/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Xpdf.

======================================================================
http://www.kb.cert.org/vuls/id/376500
______________________________________________________________________

Vulnerability Note VU#376500

Foolabs Xpdf contains a denial of service vulnerability

Overview

Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib
library incorrectly parsing Type 1 fonts.

I. Description

According to Foolabs: Xpdf is an open source viewer for Portable Document
Format (PDF) files. (These are sometimes also called 'Acrobat' files, from
the name of Adobe's PDF software.) The Xpdf project also includes a
PDF text extractor, PDF-to-PostScript converter, and various other
utilities. Foolabs Xpdf contains a denial of service vulnerability
caused by the t1lib library incorrectly parsing Type 1 fonts. This
vulnerability may allow an attacker to execute arbitrary code.

II. Impact

A remote attacker can cause the device to crash and may be able to execute
arbitrary code.

III. Solution

The vendor has stated they will stop using t1lib in their product and users
should build Xpdf without t1lib.

To build Xpdf without t1lib, add the "--with-t1-library=no" flag to the
configure command:

./configure --with-t1-library=no .....

To double-check, run "xpdf --help". The "-freetype" option should be
listed, and the "-t1lib" option should NOT be listed. That indicates
that Xpdf was built with FreeType and without t1lib.

With this setting, Xpdf will use FreeType instead of t1lib to rasterize
Type 1 fonts. With recent versions of FreeType, the Type 1 quality is
as good or better than t1lib, so this should not present any problems.


Vendor Information

Vendor	Status	Date Notified	Date Updated

Debian GNU/Linux	Unknown		2011-03-21
FreeBSD Project	Unknown		2011-03-21
NetBSD	Unknown		2011-03-21
SUSE Linux	Unknown		2011-03-21
Ubuntu	Unknown		2011-03-21
xpdf	Affected	2011-02-23	2011-02-25


References

Credit

Thanks to Jonathan Brossard for reporting this vulnerability.

This document was written by Michael Orlando.


Other Information
Date Public:	2011-03-21
Date First Published:	2011-03-21
Date Last Updated:	2011-03-21
CERT Advisory:	
CVE-ID(s):	
NVD-ID(s):	
US-CERT Technical Alerts:	
Severity Metric:	0,06
Document Revision:	6

If you have feedback, comments, or additional information about this vulnerability,
please send us email.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================