ID CVE-2011-5244
Summary Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:evince:-:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:evince:-:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*
  • cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm https://bugzilla.gnome.org/show_bug.cgi?id=643882
gentoo GLSA-201701-57
misc
mlist [oss-security] 20110304 Re: Re: CVE request: More Evince overflows
xf evince-token-code-exec(80271)
Last major update 29-08-2017 - 01:30
Published 19-11-2012 - 12:10
Last modified 29-08-2017 - 01:30
Back to Top