Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-5244
Last Modified 25 Feb 2013 11:41:51
Published 19 Nov 2012 07:10:49
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5244

Summary

Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.

Vulnerable Systems

Application

  • Gnome Evince -

  • T1lib

  • Tetex 3.0


References

CONFIRM - https://bugzilla.gnome.org/show_bug.cgi?id=643882

MLIST - [oss-security] 20110304 Re: Re: CVE request: More Evince overflows

MISC - http://git.gnome.org/browse/evince/commit/?id=d4139205b010

MISC - http://git.gnome.org/browse/evince/commit/?id=439c5070022e

XF - evince-token-code-exec(80271)


Last Updated: 27 May 2016 10:58:34