ID CVE-2011-1553
Summary Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
References
Vulnerable Configurations
  • cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.5:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.6:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.7:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.8:beta:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
  • cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*
    cpe:2.3:a:foolabs:xpdf:3.02pl4:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
    cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 06-03-2019 - 16:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2012:1201
rpms
  • t1lib-0:5.1.2-6.el6_2.1
  • t1lib-apps-0:5.1.2-6.el6_2.1
  • t1lib-debuginfo-0:5.1.2-6.el6_2.1
  • t1lib-devel-0:5.1.2-6.el6_2.1
  • t1lib-static-0:5.1.2-6.el6_2.1
  • kpathsea-0:2007-57.el6_2
  • kpathsea-devel-0:2007-57.el6_2
  • mendexk-0:2.6e-57.el6_2
  • texlive-0:2007-57.el6_2
  • texlive-afm-0:2007-57.el6_2
  • texlive-context-0:2007-57.el6_2
  • texlive-debuginfo-0:2007-57.el6_2
  • texlive-dvips-0:2007-57.el6_2
  • texlive-dviutils-0:2007-57.el6_2
  • texlive-east-asian-0:2007-57.el6_2
  • texlive-latex-0:2007-57.el6_2
  • texlive-utils-0:2007-57.el6_2
  • texlive-xetex-0:2007-57.el6_2
  • tetex-0:3.0-33.15.el5_8.1
  • tetex-afm-0:3.0-33.15.el5_8.1
  • tetex-debuginfo-0:3.0-33.15.el5_8.1
  • tetex-doc-0:3.0-33.15.el5_8.1
  • tetex-dvips-0:3.0-33.15.el5_8.1
  • tetex-fonts-0:3.0-33.15.el5_8.1
  • tetex-latex-0:3.0-33.15.el5_8.1
  • tetex-xdvi-0:3.0-33.15.el5_8.1
refmap via4
bugtraq 20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution
cert-vn VU#376500
confirm
gentoo GLSA-201701-57
mandriva MDVSA-2012:144
misc http://www.toucan-system.com/advisories/tssa-2011-01.txt
sectrack 1025266
secunia
  • 43823
  • 48985
sreason 8171
vupen ADV-2011-0728
Last major update 06-03-2019 - 16:30
Published 31-03-2011 - 23:55
Last modified 06-03-2019 - 16:30
Back to Top