CVE-2011-1553

2011-03-3123:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-1553

use-after-free vulnerability

t1lib

xpdf

tetex

denial of service

pdf

type 1 font

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.

CPENameOperatorVersion
t1lib:t1libt1lible5.1.2
t1lib:t1libt1libeq0.1
t1lib:t1libt1libeq0.2
t1lib:t1libt1libeq0.3
t1lib:t1libt1libeq0.4
t1lib:t1libt1libeq0.5
t1lib:t1libt1libeq0.6
t1lib:t1libt1libeq0.7
t1lib:t1libt1libeq0.8
t1lib:t1libt1libeq0.9

CPE	Name	Operator	Version
t1lib:t1lib	t1lib	le	5.1.2
t1lib:t1lib	t1lib	eq	0.1
t1lib:t1lib	t1lib	eq	0.2
t1lib:t1lib	t1lib	eq	0.3
t1lib:t1lib	t1lib	eq	0.4
t1lib:t1lib	t1lib	eq	0.5
t1lib:t1lib	t1lib	eq	0.6
t1lib:t1lib	t1lib	eq	0.7
t1lib:t1lib	t1lib	eq	0.8
t1lib:t1lib	t1lib	eq	0.9