CVE-2011-0764: t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which…

medium6.8CVSS 3.1

AVNACMAuNCPIPAP

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Affected

70 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	poppler	< xpdf 3.02-9 (bookworm)	xpdf 3.02-9 (bookworm)
debian	xpdf	< xpdf 3.02-9 (bookworm)	xpdf 3.02-9 (bookworm)
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
foolabs	xpdf	—	—
glyphandcog	xpdfreader	<= 3.02	—
glyphandcog	xpdfreader	—	—
glyphandcog	xpdfreader	—	—
glyphandcog	xpdfreader	—	—

CVSS provenance

nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

osv6.8MEDIUM