CVE-2011-1552

EPSS 22.37%
Published 31.03.2011 23:55:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

T1lib ≫ T1lib Version <= 5.1.2

T1lib ≫ T1lib Version0.1 Updatealpha

T1lib ≫ T1lib Version0.2 Updatebeta

T1lib ≫ T1lib Version0.3 Updatebeta

T1lib ≫ T1lib Version0.4 Updatebeta

T1lib ≫ T1lib Version0.5 Updatebeta

T1lib ≫ T1lib Version0.6 Updatebeta

T1lib ≫ T1lib Version0.7 Updatebeta

T1lib ≫ T1lib Version0.8 Updatebeta

T1lib ≫ T1lib Version0.9

T1lib ≫ T1lib Version0.9.1

T1lib ≫ T1lib Version0.9.2

T1lib ≫ T1lib Version1.0

T1lib ≫ T1lib Version1.0.1

T1lib ≫ T1lib Version1.1.0

T1lib ≫ T1lib Version1.1.1

T1lib ≫ T1lib Version1.2

T1lib ≫ T1lib Version1.3

T1lib ≫ T1lib Version1.3.1

T1lib ≫ T1lib Version5.0.0

T1lib ≫ T1lib Version5.0.1

T1lib ≫ T1lib Version5.0.2

T1lib ≫ T1lib Version5.1.0

T1lib ≫ T1lib Version5.1.1

Foolabs ≫ Xpdf Version0.5a

Foolabs ≫ Xpdf Version0.7a

Foolabs ≫ Xpdf Version0.91a

Foolabs ≫ Xpdf Version0.91b

Foolabs ≫ Xpdf Version0.91c

Foolabs ≫ Xpdf Version0.92a

Foolabs ≫ Xpdf Version0.92b

Foolabs ≫ Xpdf Version0.92c

Foolabs ≫ Xpdf Version0.92d

Foolabs ≫ Xpdf Version0.92e

Foolabs ≫ Xpdf Version0.93a

Foolabs ≫ Xpdf Version0.93b

Foolabs ≫ Xpdf Version0.93c

Foolabs ≫ Xpdf Version1.00a

Foolabs ≫ Xpdf Version3.0.1

Foolabs ≫ Xpdf Version3.02pl1

Foolabs ≫ Xpdf Version3.02pl2

Foolabs ≫ Xpdf Version3.02pl3

Foolabs ≫ Xpdf Version3.02pl4

Glyphandcog ≫ Xpdfreader Version <= 3.02

Glyphandcog ≫ Xpdfreader Version0.2

Glyphandcog ≫ Xpdfreader Version0.3

Glyphandcog ≫ Xpdfreader Version0.4

Glyphandcog ≫ Xpdfreader Version0.5

Glyphandcog ≫ Xpdfreader Version0.6

Glyphandcog ≫ Xpdfreader Version0.7

Glyphandcog ≫ Xpdfreader Version0.80

Glyphandcog ≫ Xpdfreader Version0.90

Glyphandcog ≫ Xpdfreader Version0.91

Glyphandcog ≫ Xpdfreader Version0.92

Glyphandcog ≫ Xpdfreader Version0.93

Glyphandcog ≫ Xpdfreader Version1.00

Glyphandcog ≫ Xpdfreader Version1.01

Glyphandcog ≫ Xpdfreader Version2.00

Glyphandcog ≫ Xpdfreader Version2.01

Glyphandcog ≫ Xpdfreader Version2.02

Glyphandcog ≫ Xpdfreader Version2.03

Glyphandcog ≫ Xpdfreader Version3.00

Glyphandcog ≫ Xpdfreader Version3.01

Glyphandcog ≫ Xpdfreader Version3.02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	22.37%	0.953

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://rhn.redhat.com/errata/RHSA-2012-1201.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:144

https://security.gentoo.org/glsa/201701-57

http://secunia.com/advisories/43823

Vendor Advisory

http://secunia.com/advisories/48985

http://securityreason.com/securityalert/8171

http://securitytracker.com/id?1025266

http://www.foolabs.com/xpdf/download.html

Patch

http://www.kb.cert.org/vuls/id/376500

US Government Resource