ID CVE-2011-1554
Summary Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
References
Vulnerable Configurations
  • cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 06-03-2019 - 16:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 692909
    title CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment t1lib is earlier than 0:5.1.2-6.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120062005
        • comment t1lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120062006
      • AND
        • comment t1lib-apps is earlier than 0:5.1.2-6.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120062011
        • comment t1lib-apps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120062012
      • AND
        • comment t1lib-devel is earlier than 0:5.1.2-6.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120062009
        • comment t1lib-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120062010
      • AND
        • comment t1lib-static is earlier than 0:5.1.2-6.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120062007
        • comment t1lib-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120062008
    rhsa
    id RHSA-2012:0062
    released 2012-01-24
    severity Moderate
    title RHSA-2012:0062: t1lib security update (Moderate)
  • bugzilla
    id 692909
    title CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment kpathsea is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137017
        • comment kpathsea is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137018
      • AND
        • comment kpathsea-devel is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137011
        • comment kpathsea-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137012
      • AND
        • comment mendexk is earlier than 0:2.6e-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137019
        • comment mendexk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137020
      • AND
        • comment texlive is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137005
        • comment texlive is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137006
      • AND
        • comment texlive-afm is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137023
        • comment texlive-afm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137024
      • AND
        • comment texlive-context is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137025
        • comment texlive-context is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137026
      • AND
        • comment texlive-dvips is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137009
        • comment texlive-dvips is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137010
      • AND
        • comment texlive-dviutils is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137027
        • comment texlive-dviutils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137028
      • AND
        • comment texlive-east-asian is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137021
        • comment texlive-east-asian is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137022
      • AND
        • comment texlive-latex is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137007
        • comment texlive-latex is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137008
      • AND
        • comment texlive-utils is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137015
        • comment texlive-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137016
      • AND
        • comment texlive-xetex is earlier than 0:2007-57.el6_2
          oval oval:com.redhat.rhsa:tst:20120137013
        • comment texlive-xetex is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120137014
    rhsa
    id RHSA-2012:0137
    released 2012-02-15
    severity Moderate
    title RHSA-2012:0137: texlive security update (Moderate)
  • bugzilla
    id 692909
    title CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment tetex is earlier than 0:3.0-33.15.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121201002
        • comment tetex is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070731025
      • AND
        • comment tetex-afm is earlier than 0:3.0-33.15.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121201010
        • comment tetex-afm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070731037
      • AND
        • comment tetex-doc is earlier than 0:3.0-33.15.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121201004
        • comment tetex-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070731031
      • AND
        • comment tetex-dvips is earlier than 0:3.0-33.15.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121201012
        • comment tetex-dvips is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070731033
      • AND
        • comment tetex-fonts is earlier than 0:3.0-33.15.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121201006
        • comment tetex-fonts is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070731035
      • AND
        • comment tetex-latex is earlier than 0:3.0-33.15.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121201014
        • comment tetex-latex is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070731027
      • AND
        • comment tetex-xdvi is earlier than 0:3.0-33.15.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121201008
        • comment tetex-xdvi is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070731029
    rhsa
    id RHSA-2012:1201
    released 2012-08-23
    severity Moderate
    title RHSA-2012:1201: tetex security update (Moderate)
rpms
  • t1lib-0:5.1.2-6.el6_2.1
  • t1lib-apps-0:5.1.2-6.el6_2.1
  • t1lib-devel-0:5.1.2-6.el6_2.1
  • t1lib-static-0:5.1.2-6.el6_2.1
  • kpathsea-0:2007-57.el6_2
  • kpathsea-devel-0:2007-57.el6_2
  • mendexk-0:2.6e-57.el6_2
  • texlive-0:2007-57.el6_2
  • texlive-afm-0:2007-57.el6_2
  • texlive-context-0:2007-57.el6_2
  • texlive-dvips-0:2007-57.el6_2
  • texlive-dviutils-0:2007-57.el6_2
  • texlive-east-asian-0:2007-57.el6_2
  • texlive-latex-0:2007-57.el6_2
  • texlive-utils-0:2007-57.el6_2
  • texlive-xetex-0:2007-57.el6_2
  • tetex-0:3.0-33.15.el5_8.1
  • tetex-afm-0:3.0-33.15.el5_8.1
  • tetex-doc-0:3.0-33.15.el5_8.1
  • tetex-dvips-0:3.0-33.15.el5_8.1
  • tetex-fonts-0:3.0-33.15.el5_8.1
  • tetex-latex-0:3.0-33.15.el5_8.1
  • tetex-xdvi-0:3.0-33.15.el5_8.1
refmap via4
bugtraq 20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution
cert-vn VU#376500
confirm
gentoo GLSA-201701-57
mandriva MDVSA-2012:144
misc http://www.toucan-system.com/advisories/tssa-2011-01.txt
sectrack 1025266
secunia
  • 43823
  • 48985
sreason 8171
vupen ADV-2011-0728
Last major update 06-03-2019 - 16:30
Published 31-03-2011 - 23:55
Back to Top