TeX Live is vulnerable to Denial of Service (DoS). Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility.
rhn.redhat.com/errata/RHSA-2012-1201.html
secunia.com/advisories/48985
www.mandriva.com/security/advisories?name=MDVSA-2012:144
xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/
access.redhat.com/errata/RHSA-2012:0137
access.redhat.com/security/updates/classification/#moderate
bugzilla.gnome.org/show_bug.cgi?id=640923
bugzilla.redhat.com/show_bug.cgi?id=679732
security.gentoo.org/glsa/201701-57