MiracleLinux 4 : t1lib-5.1.2-6.AXS4.1 (AXSA:2012-77:01)

🗓️ 14 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 ships t1lib 5.1.2 with multiple CVEs enabling remote code execution or denial of service.

Reporter	Title	Published	Views	Family All 240
Amazon	Medium: t1lib	2 Feb 201200:00	–	amazon
Amazon	Medium: texlive	4 Mar 201200:00	–	amazon
Tenable Nessus	Amazon Linux AMI : t1lib (ALAS-2012-40)	4 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : texlive (ALAS-2012-48)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : t1lib (CESA-2012:0062)	31 Jan 201200:00	–	nessus
Tenable Nessus	CentOS 6 : texlive (CESA-2012:0137)	17 Feb 201200:00	–	nessus
Tenable Nessus	CentOS 5 : tetex (CESA-2012:1201)	24 Aug 201200:00	–	nessus
Tenable Nessus	Debian DSA-2357-1 : evince - several vulnerabilities	5 Dec 201100:00	–	nessus
Tenable Nessus	Debian DSA-2388-1 : t1lib - several vulnerabilities	16 Jan 201200:00	–	nessus
Tenable Nessus	Fedora 14 : evince-2.32.0-3.fc14 (2011-0208)	10 Jan 201100:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/2566
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2012-77:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(283967);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2010-2642",
    "CVE-2011-0433",
    "CVE-2011-0764",
    "CVE-2011-1552",
    "CVE-2011-1553",
    "CVE-2011-1554"
  );

  script_name(english:"MiracleLinux 4 : t1lib-5.1.2-6.AXS4.1 (AXSA:2012-77:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the
AXSA:2012-77:01 advisory.

    T1lib is a rasterizer library for Adobe Type 1 Fonts. It supports rotation and transformation, kerning
    underlining and antialiasing. It does not depend on X11, but does provides some special functions for X11.
    AFM-files can be generated from Type 1 font files and font subsetting is possible.
    Security issues fixed with this release:
    CVE-2010-2642
    Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier,
    teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file
    that is processed by the thumbnailer.
    CVE-2011-0433
    No information available at the time of writing, see the link below.
    CVE-2011-0764
    t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in
    conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a
    crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
    CVE-2011-1552
    t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory
    locations, which allows remote attackers to cause a denial of service (application crash) via a crafted
    Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
    CVE-2011-1553
    Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other
    products, allows remote attackers to cause a denial of service (application crash) via a PDF document
    containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than
    CVE-2011-0764.
    CVE-2011-1554
    Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows
    remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted
    Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a
    different vulnerability than CVE-2011-0764.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/2566");
  script_set_attribute(attribute:"solution", value:
"Update the affected t1lib package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-2642");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2011-1554");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:t1lib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'t1lib-5.1.2-6.AXS4.1', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'t1lib-5.1.2-6.AXS4.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 't1lib');
}

14 Jan 2026 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 27.6

EPSS0.31187