CVE-2011-0433
Published 2012-11-19
Priority: P433, medium; CVSS 2.0 score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.21% (89.7th percentile)
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evince | < evince 2.32.0-1 (bookworm) | evince 2.32.0-1 (bookworm) |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| tetex | tetex | — | — |
CVSS provenance
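| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.6 | HIGH | — |
| vendor_debian | — | 7.6 | HIGH | — |
| vendor_redhat | — | 7.6 | HIGH | — |
| vendor_ubuntu | — | 7.6 | HIGH | — |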
Ubuntu
Evince vulnerability
vendor_ubuntu·2012-01-25
CVE-2011-0433 Evince vulnerability
Title: Evince vulnerability
Summary: Evince could be made to crash or run programs as your login if it opened a
specially crafted file.
It was discovered that Evince did not properly parse AFM font files when
processing DVI files. If a user were tricked into opening a specially
crafted DVI file, an attacker could cause Evince to crash or potentially
execute arbitrary code with the privileges of the user invoking the
program.
In the default installation, attackers would be isolated by the Evince
AppArmor profile.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
t1lib vulnerabilities
vendor_ubuntu·2012-01-19·CVSS 7.6
CVE-2010-2642 [HIGH] t1lib vulnerabilities
Title: t1lib vulnerabilities
Summary: t1lib could be made to crash or run programs as your login if it opened a
specially crafted font file.
Jon Larimer discovered that t1lib did not properly parse AFM fonts. If a
user were tricked into using a specially crafted font file, a remote
attacker could cause t1lib to crash or possibly execute arbitrary code with
user privileges. (CVE-2010-2642, CVE-2011-0433)
Jonathan Brossard discovered that t1lib did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause t1lib to crash. (CVE-2011-1552,
CVE-2011-1553, CVE-2011-1554)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
t1lib: off-by-one errors in token and linetoken
vendor_redhat·2011-03-04·CVSS 7.6
CVE-2011-5244 [HIGH] CWE-193 t1lib: off-by-one errors in token and linetoken
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
Statement: Not Vulnerable. This issue did not affect the version of tetex as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of t1lib and evince as shipped with Red Hat Enterprise Linux 6, because the advisory released to fix CVE-2010-2642 completely resolved the problem without introducing this flaw.
Pac
Red Hat
t1lib: Heap-based buffer overflow DVI file AFM font parser
vendor_redhat·2011-01-30·CVSS 7.6
CVE-2011-0433 [HIGH] CWE-122 t1lib: Heap-based buffer overflow DVI file AFM font parser
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
Statement: Not vulnerable. This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5 and 6.
Package: tetex (Red Hat Enterprise Linux 4) - Affected
Package: evince (Red Hat Enterprise Linux 5) - Not affected
Package: evince (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-5244: evince - Multiple off-by-one errors in the (1) token and (2) linetoken functions in backe...
vendor_debian·2011·CVSS 7.6
CVE-2011-5244 [HIGH] CVE-2011-5244: evince - Multiple off-by-one errors in the (1) token and (2) linetoken functions in backe...
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
Scope: local
bookworm: resolved (fixed in 2.32.0-1)
bullseye: resolved (fixed in 2.32.0-1)
forky: resolved (fixed in 2.32.0-1)
sid: resolved (fixed in 2.32.0-1)
trixie: resolved (fixed in 2.32.0-1)
Debian
CVE-2011-0433: evince - Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as ...
vendor_debian·2011·CVSS 7.6
CVE-2011-0433 [HIGH] CVE-2011-0433: evince - Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as ...
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
Scope: local
bookworm: resolved (fixed in 2.32.0-1)
bullseye: resolved (fixed in 2.32.0-1)
forky: resolved (fixed in 2.32.0-1)
sid: resolved (fixed in 2.32.0-1)
trixie: resolved (fixed in 2.32.0-1)
GHSA
GHSA-2jx2-275x-4xpq: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
ghsa_unreviewed·2022-05-17·CVSS 7.6
CVE-2011-5244 [HIGH] GHSA-2jx2-275x-4xpq: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
GHSA
GHSA-m37c-h529-2gqw: Heap-based buffer overflow in the linetoken function in afmparse
ghsa_unreviewed·2022-05-17·CVSS 7.6
CVE-2011-0433 [HIGH] CWE-119 GHSA-m37c-h529-2gqw: Heap-based buffer overflow in the linetoken function in afmparse
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
OSV
CVE-2011-0433: Heap-based buffer overflow in the linetoken function in afmparse
osv·2012-11-19·CVSS 7.6
CVE-2011-0433 [HIGH] CVE-2011-0433: Heap-based buffer overflow in the linetoken function in afmparse
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
OSV
CVE-2011-5244: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
osv·2012-11-19·CVSS 7.6
CVE-2011-5244 [HIGH] CVE-2011-5244: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-5244 t1lib: off-by-one errors in token and linetoken
bugzilla·2012-11-20·CVSS 7.6
CVE-2011-5244 [HIGH] CVE-2011-5244 t1lib: off-by-one errors in token and linetoken
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5244 to the following vulnerability:
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5244
[2] http://www.openwall.com/lists/oss-security/2011/03/04/21
[3] http://git.gnome.org/browse/evince/commit/?id=439c5070022e
[4] http://git.gn
Bugzilla
CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]
bugzilla·2012-01-10·CVSS 7.6
CVE-2010-2642 [HIGH] CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedo
Bugzilla
xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-6]
bugzilla·2011-04-13·CVSS 9.3
CVE-2011-0465 [CRITICAL] xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-6]
3256435 build (RHEL-6.0-Z-candidate, /cvs/dist:rpms/xorg-x11-server-utils/RHEL-6:xorg-x11-server-utils-7_4-15_el6_0_2): open (ia64-003.build.bos.redhat.com) -> closed
MODIFIED
Discussion:
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
A previous advisory, the RHSA-2011:0433 xorg-x11-server-utils security update, applied a backported patch to fix a flaw in the X server resource database utility, xrdb. While this patch resolved the security issue, it also introduced an error in the macro expansion mechanism. Consequent to this, an attempt to run the xrdb utili
Bugzilla
xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-5]
bugzilla·2011-04-13·CVSS 9.3
CVE-2011-0465 [CRITICAL] xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-5]
3256475 build (RHEL-5.6-Z-candidate, /cvs/dist:rpms/xorg-x11-server-utils/RHEL-5:xorg-x11-server-utils-7_1-5_el5_6_2) completed successfully
MODIFIED
Discussion:
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
A previous advisory, the RHSA-2011:0433 xorg-x11-server-utils security update, applied a backported patch to fix a flaw in the X server resource database utility, xrdb. While this patch resolved the security issue, it also introduced an error in the macro expansion mechanism. Consequent to this, an attempt to run the xrdb utility could fail with the fol
Bugzilla
CVE-2011-0433 t1lib: Heap-based buffer overflow DVI file AFM font parser [fedora-all]
bugzilla·2011-02-23·CVSS 6.8
CVE-2011-0433 [MEDIUM] CVE-2011-0433 t1lib: Heap-based buffer overflow DVI file AFM font parser [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=679732
Please note: this issue affec
Bugzilla
CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [epel-5]
bugzilla·2011-02-23·CVSS 6.8
CVE-2011-0433 [MEDIUM] CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [epel-5]
epel-5 tracking bug for t1lib: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Adding parent bug CVE-2011-0764
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=679732,692909
---
Adding parent bug CVE-2011-1552
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=679732,692909,692853
---
Adding parent bug CVE-2011-1553
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=679732,692909,692853,692854
---
Addin
Bugzilla
CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser [fedora-all]
bugzilla·2011-02-23·CVSS 6.8
CVE-2011-0433 [MEDIUM] CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=679732
Please note: this iss
Bugzilla
CVE-2011-0433 t1lib: Heap-based buffer overflow DVI file AFM font parser
bugzilla·2011-02-23·CVSS 7.6
CVE-2011-0433 [HIGH] CVE-2011-0433 t1lib: Heap-based buffer overflow DVI file AFM font parser
A heap-based buffer overflow flaw was found in the way AFM font file
parser, used for rendering of DVI files, in GNOME evince document viewer
and other products, processed line tokens from the given input stream.
A remote attacker could provide a DVI file, with embedded specially-crafted
font file, and trick the local user to open it with an application using
the AFM font parser, leading to that particular application crash or,
potentially, arbitrary code execution with the privileges of the user
running the application. Different vulnerability than CVE-2010-2642.
Upstream bug report:
[1] https://bugzilla.gnome.org/show_bug.cgi?id=640923
Upstream patch:
[2] https://bugzilla.gnome.org/show_bug.cgi?id=640923#c1
Dis
References:
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/48985
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/
https://bugzilla.gnome.org/show_bug.cgi?id=640923
https://bugzilla.redhat.com/show_bug.cgi?id=679732
https://security.gentoo.org/glsa/201701-57