6.8
CVE-2011-0764
- EPSS 13.06%
- Veröffentlicht 31.03.2011 22:55:02
- Zuletzt bearbeitet 16.06.2026 23:28:01
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Glyphandcog ≫ Xpdfreader Version <= 3.02
Glyphandcog ≫ Xpdfreader Version0.2
Glyphandcog ≫ Xpdfreader Version0.3
Glyphandcog ≫ Xpdfreader Version0.4
Glyphandcog ≫ Xpdfreader Version0.5
Glyphandcog ≫ Xpdfreader Version0.6
Glyphandcog ≫ Xpdfreader Version0.7
Glyphandcog ≫ Xpdfreader Version0.80
Glyphandcog ≫ Xpdfreader Version0.90
Glyphandcog ≫ Xpdfreader Version0.91
Glyphandcog ≫ Xpdfreader Version0.92
Glyphandcog ≫ Xpdfreader Version0.93
Glyphandcog ≫ Xpdfreader Version1.00
Glyphandcog ≫ Xpdfreader Version1.01
Glyphandcog ≫ Xpdfreader Version2.00
Glyphandcog ≫ Xpdfreader Version2.01
Glyphandcog ≫ Xpdfreader Version2.02
Glyphandcog ≫ Xpdfreader Version2.03
Glyphandcog ≫ Xpdfreader Version3.00
Glyphandcog ≫ Xpdfreader Version3.01
Glyphandcog ≫ Xpdfreader Version3.02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.06% | 0.958 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
https://security.gentoo.org/glsa/201701-57
http://secunia.com/advisories/43823
http://secunia.com/advisories/47347
http://secunia.com/advisories/48985
http://securityreason.com/securityalert/8171
http://securitytracker.com/id?1025266
http://www.foolabs.com/xpdf/download.html
http://www.kb.cert.org/vuls/id/376500
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
http://www.mandriva.com/security/advisories?name=MDVSA-2012:002
http://www.securityfocus.com/archive/1/517205/100/0/threaded
http://www.securityfocus.com/bid/46941
http://www.toucan-system.com/advisories/tssa-2011-01.txt
http://www.ubuntu.com/usn/USN-1316-1
http://www.vupen.com/english/advisories/2011/0728
https://exchange.xforce.ibmcloud.com/vulnerabilities/66208