4.3

CVE-2011-1554

EPSS 6.58%
Published 31.03.2011 23:55:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

T1lib ≫ T1lib Version <= 5.1.2

T1lib ≫ T1lib Version0.1 Updatealpha

T1lib ≫ T1lib Version0.2 Updatebeta

T1lib ≫ T1lib Version0.3 Updatebeta

T1lib ≫ T1lib Version0.4 Updatebeta

T1lib ≫ T1lib Version0.5 Updatebeta

T1lib ≫ T1lib Version0.6 Updatebeta

T1lib ≫ T1lib Version0.7 Updatebeta

T1lib ≫ T1lib Version0.8 Updatebeta

T1lib ≫ T1lib Version0.9

T1lib ≫ T1lib Version0.9.1

T1lib ≫ T1lib Version0.9.2

T1lib ≫ T1lib Version1.0

T1lib ≫ T1lib Version1.0.1

T1lib ≫ T1lib Version1.1.0

T1lib ≫ T1lib Version1.1.1

T1lib ≫ T1lib Version1.2

T1lib ≫ T1lib Version1.3

T1lib ≫ T1lib Version1.3.1

T1lib ≫ T1lib Version5.0.0

T1lib ≫ T1lib Version5.0.1

T1lib ≫ T1lib Version5.0.2

T1lib ≫ T1lib Version5.1.0

T1lib ≫ T1lib Version5.1.1

Foolabs ≫ Xpdf Version0.5a

Foolabs ≫ Xpdf Version0.7a

Foolabs ≫ Xpdf Version0.91a

Foolabs ≫ Xpdf Version0.91b

Foolabs ≫ Xpdf Version0.91c

Foolabs ≫ Xpdf Version0.92a

Foolabs ≫ Xpdf Version0.92b

Foolabs ≫ Xpdf Version0.92c

Foolabs ≫ Xpdf Version0.92d

Foolabs ≫ Xpdf Version0.92e

Foolabs ≫ Xpdf Version0.93a

Foolabs ≫ Xpdf Version0.93b

Foolabs ≫ Xpdf Version0.93c

Foolabs ≫ Xpdf Version1.00a

Foolabs ≫ Xpdf Version3.0.1

Foolabs ≫ Xpdf Version3.02pl1

Foolabs ≫ Xpdf Version3.02pl2

Foolabs ≫ Xpdf Version3.02pl3

Foolabs ≫ Xpdf Version3.02pl4

Glyphandcog ≫ Xpdfreader Version <= 3.02

Glyphandcog ≫ Xpdfreader Version0.2

Glyphandcog ≫ Xpdfreader Version0.3

Glyphandcog ≫ Xpdfreader Version0.4

Glyphandcog ≫ Xpdfreader Version0.5

Glyphandcog ≫ Xpdfreader Version0.6

Glyphandcog ≫ Xpdfreader Version0.7

Glyphandcog ≫ Xpdfreader Version0.80

Glyphandcog ≫ Xpdfreader Version0.90

Glyphandcog ≫ Xpdfreader Version0.91

Glyphandcog ≫ Xpdfreader Version0.92

Glyphandcog ≫ Xpdfreader Version0.93

Glyphandcog ≫ Xpdfreader Version1.00

Glyphandcog ≫ Xpdfreader Version1.01

Glyphandcog ≫ Xpdfreader Version2.00

Glyphandcog ≫ Xpdfreader Version2.01

Glyphandcog ≫ Xpdfreader Version2.02

Glyphandcog ≫ Xpdfreader Version2.03

Glyphandcog ≫ Xpdfreader Version3.00

Glyphandcog ≫ Xpdfreader Version3.01

Glyphandcog ≫ Xpdfreader Version3.02

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.58%	0.902

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://rhn.redhat.com/errata/RHSA-2012-1201.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:144

https://security.gentoo.org/glsa/201701-57

http://secunia.com/advisories/43823

Vendor Advisory

http://secunia.com/advisories/48985

http://securityreason.com/securityalert/8171

http://securitytracker.com/id?1025266

http://www.foolabs.com/xpdf/download.html

Patch

http://www.kb.cert.org/vuls/id/376500

US Government Resource

http://www.kb.cert.org/vuls/id/MAPG-8ECL8X

US Government Resource

http://www.securityfocus.com/archive/1/517205/100/0/threaded

http://www.toucan-system.com/advisories/tssa-2011-01.txt

http://www.vupen.com/english/advisories/2011/0728

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2011-1554

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1554

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1554

EUVD