Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-0764
Last Modified: 18 Dec 2012 11:37:31
Published: 31 Mar 2011 06:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-0764

Summary

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Vulnerable Systems

Application

  • Foolabs Xpdf 0.2

  • Foolabs Xpdf 0.3

  • Foolabs Xpdf 0.4

  • Foolabs Xpdf 0.5

  • Foolabs Xpdf 0.5a

  • Foolabs Xpdf 0.6

  • Foolabs Xpdf 0.7

  • Foolabs Xpdf 0.7a

  • Foolabs Xpdf 0.80

  • Foolabs Xpdf 0.90

  • Foolabs Xpdf 0.91

  • Foolabs Xpdf 0.91a

  • Foolabs Xpdf 0.91b

  • Foolabs Xpdf 0.91c

  • Foolabs Xpdf 0.92

  • Foolabs Xpdf 0.92a

  • Foolabs Xpdf 0.92b

  • Foolabs Xpdf 0.92c

  • Foolabs Xpdf 0.92d

  • Foolabs Xpdf 0.92e

  • Foolabs Xpdf 0.93

  • Foolabs Xpdf 0.93a

  • Foolabs Xpdf 0.93b

  • Foolabs Xpdf 0.93c

  • Foolabs Xpdf 1.00

  • Foolabs Xpdf 1.00a

  • Foolabs Xpdf 1.01

  • Foolabs Xpdf 2.00

  • Foolabs Xpdf 2.01

  • Foolabs Xpdf 2.02

  • Foolabs Xpdf 2.03

  • Foolabs Xpdf 3.0.1

  • Foolabs Xpdf 3.00

  • Foolabs Xpdf 3.01

  • Foolabs Xpdf 3.02

  • Foolabs Xpdf 3.02pl1

  • Foolabs Xpdf 3.02pl2

  • Foolabs Xpdf 3.02pl3

  • Foolabs Xpdf 3.02pl4

  • Foolabs Xpdf 3.02pl5

  • T1lib 0.1

  • T1lib 0.2

  • T1lib 0.3

  • T1lib 0.4

  • T1lib 0.5

  • T1lib 0.6

  • T1lib 0.7

  • T1lib 0.8

  • T1lib 0.9

  • T1lib 0.9.1

  • T1lib 0.9.2

  • T1lib 1.0

  • T1lib 1.0.1

  • T1lib 1.1.0

  • T1lib 1.1.1

  • T1lib 1.2

  • T1lib 1.3

  • T1lib 1.3.1

  • T1lib 5.0.0

  • T1lib 5.0.1

  • T1lib 5.0.2

  • T1lib 5.1.0

  • T1lib 5.1.1

  • T1lib 5.1.2


References

CONFIRM - http://www.kb.cert.org/vuls/id/MAPG-8ECL8X

CERT-VN - VU#376500

CONFIRM - http://www.foolabs.com/xpdf/download.html

XF - xpdf-t1lib-code-execution(66208)

VUPEN - ADV-2011-0728

MISC - http://www.toucan-system.com/advisories/tssa-2011-01.txt

BID - 46941

BUGTRAQ - 20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution

SECTRACK - 1025266

SREASON - 8171

SECUNIA - 43823

MANDRIVA - MDVSA-2012:002

UBUNTU - USN-1316-1

SECUNIA - 47347

MANDRIVA - MDVSA-2012:144

REDHAT - RHSA-2012:1201

SECUNIA - 48985

Related Patches

Red Hat 2012:1201-01 RHSA Moderate: tetex security update for RHEL 5 x86

Novell SUSE 2012:6195 t1lib security update for SLE 11 SP1 i586

Novell SUSE 2012:6195 t1lib security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8089 t1lib security update for SLE 10 SP4 i586

Novell SUSE 2012:8089 t1lib security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:26