CVE-2011-0764

CWE-20Improper Input ValidationCWE-193CWE-416Use After Free16 documents8 sources
Severity
6.8MEDIUM
EPSS
31.2%
top 3.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Glyphandcog XpdfreaderT1lib T1libFoolabs Xpdf
Timeline
PublishedMar 31
Latest updateMay 14

Description

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

Debianxpdf< 3.02-9+3
NVDt1lib/t1lib5.1.2+23
NVDfoolabs/xpdf19 versions+18

Patches

Patch: www.foolabs.comPatch: www.foolabs.com

🔴Vulnerability Details

3
GHSA
GHSA-cw28-q96h-5px5: t1lib 52022-05-14
OSV
CVE-2011-0764: t1lib 52011-03-31
CVEList
CVE-2011-0764: t1lib 52011-03-31

📋Vendor Advisories

6
Ubuntu
t1lib vulnerability2011-12-21
Red Hat
t1lib: Invalid pointer dereference via crafted Type 1 font2011-03-28
Red Hat
t1lib: Off-by-one via crafted Type 1 font2011-03-28
Red Hat
t1lib: Use-after-free via crafted Type 1 font2011-03-28
Red Hat
t1lib: invalid read crash via crafted Type 1 font2011-03-28

💬Community

5
Bugzilla
CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]2012-01-10
Bugzilla
CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font2011-04-01
Bugzilla
CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font2011-04-01
Bugzilla
CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font2011-04-01
Bugzilla
CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [epel-5]2011-02-23
CVE-2011-0764 (MEDIUM CVSS 6.8) | t1lib 5.1.2 and earlier | cvebase.io