T1lib: Security Vulnerabilities, CVEs, Published in 2011 (Overflow)
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
Max CVSS: 4.3
EPSS Score: 2.86%
Published: 2011-03-31
Updated: 2019-03-06
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
Max CVSS: 4.3
EPSS Score: 2.58%
Published: 2011-03-31
Updated: 2019-03-06
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Max CVSS: 7.6
EPSS Score: 8.64%
Published: 2011-01-07
Updated: 2017-07-01
3 vulnerabilities found