CVE-2011-0764

EPSS 31.19%
Published 31.03.2011 22:55:02
Last modified 11.04.2025 00:51:21
Source cret@cert.org
Teams watchlist Login
Open Login

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

T1lib ≫ T1lib Version <= 5.1.2

T1lib ≫ T1lib Version0.1 Updatealpha

T1lib ≫ T1lib Version0.2 Updatebeta

T1lib ≫ T1lib Version0.3 Updatebeta

T1lib ≫ T1lib Version0.4 Updatebeta

T1lib ≫ T1lib Version0.5 Updatebeta

T1lib ≫ T1lib Version0.6 Updatebeta

T1lib ≫ T1lib Version0.7 Updatebeta

T1lib ≫ T1lib Version0.8 Updatebeta

T1lib ≫ T1lib Version0.9

T1lib ≫ T1lib Version0.9.1

T1lib ≫ T1lib Version0.9.2

T1lib ≫ T1lib Version1.0

T1lib ≫ T1lib Version1.0.1

T1lib ≫ T1lib Version1.1.0

T1lib ≫ T1lib Version1.1.1

T1lib ≫ T1lib Version1.2

T1lib ≫ T1lib Version1.3

T1lib ≫ T1lib Version1.3.1

T1lib ≫ T1lib Version5.0.0

T1lib ≫ T1lib Version5.0.1

T1lib ≫ T1lib Version5.0.2

T1lib ≫ T1lib Version5.1.0

T1lib ≫ T1lib Version5.1.1

Foolabs ≫ Xpdf Version0.5a

Foolabs ≫ Xpdf Version0.7a

Foolabs ≫ Xpdf Version0.91a

Foolabs ≫ Xpdf Version0.91b

Foolabs ≫ Xpdf Version0.91c

Foolabs ≫ Xpdf Version0.92a

Foolabs ≫ Xpdf Version0.92b

Foolabs ≫ Xpdf Version0.92c

Foolabs ≫ Xpdf Version0.92d

Foolabs ≫ Xpdf Version0.92e

Foolabs ≫ Xpdf Version0.93a

Foolabs ≫ Xpdf Version0.93b

Foolabs ≫ Xpdf Version0.93c

Foolabs ≫ Xpdf Version1.00a

Foolabs ≫ Xpdf Version3.0.1

Foolabs ≫ Xpdf Version3.02pl1

Foolabs ≫ Xpdf Version3.02pl2

Foolabs ≫ Xpdf Version3.02pl3

Foolabs ≫ Xpdf Version3.02pl4

Glyphandcog ≫ Xpdfreader Version <= 3.02

Glyphandcog ≫ Xpdfreader Version0.2

Glyphandcog ≫ Xpdfreader Version0.3

Glyphandcog ≫ Xpdfreader Version0.4

Glyphandcog ≫ Xpdfreader Version0.5

Glyphandcog ≫ Xpdfreader Version0.6

Glyphandcog ≫ Xpdfreader Version0.7

Glyphandcog ≫ Xpdfreader Version0.80

Glyphandcog ≫ Xpdfreader Version0.90

Glyphandcog ≫ Xpdfreader Version0.91

Glyphandcog ≫ Xpdfreader Version0.92

Glyphandcog ≫ Xpdfreader Version0.93

Glyphandcog ≫ Xpdfreader Version1.00

Glyphandcog ≫ Xpdfreader Version1.01

Glyphandcog ≫ Xpdfreader Version2.00

Glyphandcog ≫ Xpdfreader Version2.01

Glyphandcog ≫ Xpdfreader Version2.02

Glyphandcog ≫ Xpdfreader Version2.03

Glyphandcog ≫ Xpdfreader Version3.00

Glyphandcog ≫ Xpdfreader Version3.01

Glyphandcog ≫ Xpdfreader Version3.02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	31.19%	0.964

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2012-1201.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:144

https://security.gentoo.org/glsa/201701-57

http://secunia.com/advisories/43823

Vendor Advisory

http://secunia.com/advisories/47347

http://secunia.com/advisories/48985

http://securityreason.com/securityalert/8171

http://securitytracker.com/id?1025266

http://www.foolabs.com/xpdf/download.html

Patch

http://www.kb.cert.org/vuls/id/376500