CVE-2011-1554
Last modified
CVE-2011-1554 is a vulnerability of currently unknown severity. Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. EPSS estimates a 5.42% chance of exploitation in the next 30 days.
Description
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| T1lib | T1lib | <= 5.1.2 | — |
| T1lib | T1lib | 0.1 | Alpha |
| T1lib | T1lib | 0.2 | Beta |
| T1lib | T1lib | 0.3 | Beta |
| T1lib | T1lib | 0.4 | Beta |
| T1lib | T1lib | 0.5 | Beta |
| T1lib | T1lib | 0.6 | Beta |
| T1lib | T1lib | 0.7 | Beta |
| T1lib | T1lib | 0.8 | Beta |
| T1lib | T1lib | 0.9 | — |
| T1lib | T1lib | 0.9.1 | — |
| T1lib | T1lib | 0.9.2 | — |
| T1lib | T1lib | 1.0 | — |
| T1lib | T1lib | 1.0.1 | — |
| T1lib | T1lib | 1.1.0 | — |
| T1lib | T1lib | 1.1.1 | — |
| T1lib | T1lib | 1.2 | — |
| T1lib | T1lib | 1.3 | — |
| T1lib | T1lib | 1.3.1 | — |
| T1lib | T1lib | 5.0.0 | — |
| T1lib | T1lib | 5.0.1 | — |
| T1lib | T1lib | 5.0.2 | — |
| T1lib | T1lib | 5.1.0 | — |
| T1lib | T1lib | 5.1.1 | — |
| Foolabs | Xpdf | 0.5a | — |
| Foolabs | Xpdf | 0.7a | — |
| Foolabs | Xpdf | 0.91a | — |
| Foolabs | Xpdf | 0.91b | — |
| Foolabs | Xpdf | 0.91c | — |
| Foolabs | Xpdf | 0.92a | — |
| Foolabs | Xpdf | 0.92b | — |
| Foolabs | Xpdf | 0.92c | — |
| Foolabs | Xpdf | 0.92d | — |
| Foolabs | Xpdf | 0.92e | — |
| Foolabs | Xpdf | 0.93a | — |
| Foolabs | Xpdf | 0.93b | — |
| Foolabs | Xpdf | 0.93c | — |
| Foolabs | Xpdf | 1.00a | — |
| Foolabs | Xpdf | 3.0.1 | — |
| Foolabs | Xpdf | 3.02pl1 | — |
| Foolabs | Xpdf | 3.02pl2 | — |
| Foolabs | Xpdf | 3.02pl3 | — |
| Foolabs | Xpdf | 3.02pl4 | — |
| Glyphandcog | Xpdfreader | <= 3.02 | — |
| Glyphandcog | Xpdfreader | 0.2 | — |
| Glyphandcog | Xpdfreader | 0.3 | — |
| Glyphandcog | Xpdfreader | 0.4 | — |
| Glyphandcog | Xpdfreader | 0.5 | — |
| Glyphandcog | Xpdfreader | 0.6 | — |
| Glyphandcog | Xpdfreader | 0.7 | — |
Showing 50 of 64 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/43823 (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/376500 (US Government Resource)
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X (US Government Resource)
- http://www.vupen.com/english/advisories/2011/0728 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
