CVE-2011-1554

2011-03-3123:55:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2011-1554

t1lib

xpdf

tetex

denial of service

application crash

pdf

type 1 font

remote attackers

memory read

integer overflow

pointer dereference

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.

CPENameOperatorVersion
t1lib:t1libt1lible5.1.2
t1lib:t1libt1libeq0.1
t1lib:t1libt1libeq0.2
t1lib:t1libt1libeq0.3
t1lib:t1libt1libeq0.4
t1lib:t1libt1libeq0.5
t1lib:t1libt1libeq0.6
t1lib:t1libt1libeq0.7
t1lib:t1libt1libeq0.8
t1lib:t1libt1libeq0.9

CPE	Name	Operator	Version
t1lib:t1lib	t1lib	le	5.1.2
t1lib:t1lib	t1lib	eq	0.1
t1lib:t1lib	t1lib	eq	0.2
t1lib:t1lib	t1lib	eq	0.3
t1lib:t1lib	t1lib	eq	0.4
t1lib:t1lib	t1lib	eq	0.5
t1lib:t1lib	t1lib	eq	0.6
t1lib:t1lib	t1lib	eq	0.7
t1lib:t1lib	t1lib	eq	0.8
t1lib:t1lib	t1lib	eq	0.9