CVE-2018-17407
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-17407
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17407.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-17407
- Downstream
- Related
- Published
- 2018-09-23T21:29:00Z
- Modified
- 2025-09-19T09:27:22.666661Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in t1checkunusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
- References
Affected packages
Git / github.com/tex-live/texlive-source
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tex-live/texlive-source
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2018-17407-1430cd7b",
"signature_type": "Line",
"digest": {
"line_hashes": [
"9791268591048681484189466533196366941",
"224486063487720674053331003536961317759",
"53123805931207764341912960437070621194",
"46727596619073334453305375206035578971",
"68478864391820934181172959969828339608"
],
"threshold": 0.9
},
"target": {
"file": "texk/dvipsk/writet1.c"
},
"source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2018-17407-34d611c9",
"signature_type": "Line",
"digest": {
"line_hashes": [
"22924009159388201154967308494624661853",
"224070519679053124323349878276311203529",
"123390893019550676027322074092248546979",
"46727596619073334453305375206035578971",
"68478864391820934181172959969828339608"
],
"threshold": 0.9
},
"target": {
"file": "texk/web2c/luatexdir/font/writet1.c"
},
"source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2018-17407-71885961",
"signature_type": "Function",
"digest": {
"function_hash": "212266903493370556945839331844847800932",
"length": 419.0
},
"target": {
"file": "texk/web2c/pdftexdir/writet1.c",
"function": "t1_check_unusual_charstring"
},
"source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2018-17407-9dde0a3a",
"signature_type": "Function",
"digest": {
"function_hash": "154964959366713946884875089814441253435",
"length": 375.0
},
"target": {
"file": "texk/web2c/luatexdir/font/writet1.c",
"function": "t1_check_unusual_charstring"
},
"source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2018-17407-c3e04853",
"signature_type": "Function",
"digest": {
"function_hash": "212266903493370556945839331844847800932",
"length": 419.0
},
"target": {
"file": "texk/dvipsk/writet1.c",
"function": "t1_check_unusual_charstring"
},
"source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2018-17407-cfd68eb4",
"signature_type": "Line",
"digest": {
"line_hashes": [
"9791268591048681484189466533196366941",
"224486063487720674053331003536961317759",
"53123805931207764341912960437070621194",
"46727596619073334453305375206035578971",
"68478864391820934181172959969828339608"
],
"threshold": 0.9
},
"target": {
"file": "texk/web2c/pdftexdir/writet1.c"
},
"source": "https://github.com/tex-live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c",
"signature_version": "v1",
"deprecated": false
}
]
}