CVE-2011-1553 - Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and

CVE-2011-1553

Summary

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.

References

Vulnerable Configurations

cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 06-03-2019 - 16:30)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2012:1201

rpms

t1lib-0:5.1.2-6.el6_2.1
t1lib-apps-0:5.1.2-6.el6_2.1
t1lib-debuginfo-0:5.1.2-6.el6_2.1
t1lib-devel-0:5.1.2-6.el6_2.1
t1lib-static-0:5.1.2-6.el6_2.1
kpathsea-0:2007-57.el6_2
kpathsea-devel-0:2007-57.el6_2
mendexk-0:2.6e-57.el6_2
texlive-0:2007-57.el6_2
texlive-afm-0:2007-57.el6_2
texlive-context-0:2007-57.el6_2
texlive-debuginfo-0:2007-57.el6_2
texlive-dvips-0:2007-57.el6_2
texlive-dviutils-0:2007-57.el6_2
texlive-east-asian-0:2007-57.el6_2
texlive-latex-0:2007-57.el6_2
texlive-utils-0:2007-57.el6_2
texlive-xetex-0:2007-57.el6_2
tetex-0:3.0-33.15.el5_8.1
tetex-afm-0:3.0-33.15.el5_8.1
tetex-debuginfo-0:3.0-33.15.el5_8.1
tetex-doc-0:3.0-33.15.el5_8.1
tetex-dvips-0:3.0-33.15.el5_8.1
tetex-fonts-0:3.0-33.15.el5_8.1
tetex-latex-0:3.0-33.15.el5_8.1
tetex-xdvi-0:3.0-33.15.el5_8.1

refmap via4

bugtraq	20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution
cert-vn	VU#376500
confirm	http://www.foolabs.com/xpdf/download.html http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
gentoo	GLSA-201701-57
mandriva	MDVSA-2012:144
misc	http://www.toucan-system.com/advisories/tssa-2011-01.txt
sectrack	1025266
secunia	43823 48985
sreason	8171
vupen	ADV-2011-0728

Last major update

06-03-2019 - 16:30

Published

31-03-2011 - 23:55

Last modified

06-03-2019 - 16:30