CVE-2011-0433 — Heap-based Buffer Overflow in Tetex

CWE-122 — Heap-based Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193 — Off-by-one Error18 documents8 sources

Severity

6.8MEDIUMNVD

CNA7.6OSV7.6

EPSS

1.9%

top 16.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evince Tetex

Timeline

PublishedNov 19

Latest updateMay 17

Description

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debiangnome/evince< 2.32.0-1+3

▶NVDtetex/tetex3.0

🔴Vulnerability Details

GHSA

GHSA-m37c-h529-2gqw: Heap-based buffer overflow in the linetoken function in afmparse↗2022-05-17

▶

OSV

CVE-2011-0433: Heap-based buffer overflow in the linetoken function in afmparse↗2012-11-19

▶

CVEList

CVE-2011-0433: Heap-based buffer overflow in the linetoken function in afmparse↗2012-11-19

▶

📋Vendor Advisories

Ubuntu

Evince vulnerability↗2012-01-25

▶

Ubuntu

t1lib vulnerabilities↗2012-01-19

▶

Red Hat

t1lib: off-by-one errors in token and linetoken↗2011-03-04

▶

Red Hat

t1lib: Heap-based buffer overflow DVI file AFM font parser↗2011-01-30

▶

Debian

CVE-2011-0433: evince - Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as ...↗2011

▶

💬Community

Bugzilla

CVE-2011-5244 t1lib: off-by-one errors in token and linetoken↗2012-11-20

▶

Bugzilla

CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]↗2012-01-10

▶

Bugzilla

xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-6]↗2011-04-13

▶

Bugzilla

xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-5]↗2011-04-13

▶

Bugzilla

CVE-2011-0433 t1lib: Heap-based buffer overflow DVI file AFM font parser [fedora-all]↗2011-02-23

▶