cbcvebase.
CVE-2011-0433
published 2012-11-19

Priority: P433, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.21% (89.7th percentile)

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evince | < evince 2.32.0-1 (bookworm) | evince 2.32.0-1 (bookworm) |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| tetex | tetex | | |

CVSS provenance

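| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 7.6 | HIGH | |
| vendor_debian | | 7.6 | HIGH | |
| vendor_redhat | | 7.6 | HIGH | |
| vendor_ubuntu | | 7.6 | HIGH | |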