Arch Linux: ASA-201812-4 High: texlive-bin Arbitrary Code Execution

Arch Linux Security Advisory ASA-201812-4
========================================
Severity: High
Date    : 2018-12-08
CVE-ID  : CVE-2018-17407
Package : texlive-bin
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-770

Summary
======
The package texlive-bin before version 2018.48691-1 is vulnerable to
arbitrary code execution.

Resolution
=========
Upgrade to 2018.48691-1.

# pacman -Syu "texlive-bin>=2018.48691-1"

The problem has been fixed upstream in version 2018.48691.

Workaround
=========
None.

Description
==========
An issue was discovered in t1_check_unusual_charstring functions in
writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the
handling of Type 1 fonts allows arbitrary code execution when a
malicious font is loaded by one of the vulnerable tools: pdflatex,
pdftex, dvips, or luatex.

Impact
=====
A local attacker can execute arbitrary code via a crafted font.

References
=========
https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
https://github.com/TeX-Live/texlive-source/commit/f1211fe16c19af8fee54146ae116e4e5c779e8b4
https://security.archlinux.org/CVE-2018-17407