CVE-2011-1552

CWE-119Buffer Overflow11 documents9 sources
Severity
4.3MEDIUM
EPSS
22.4%
top 4.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Glyphandcog XpdfreaderT1lib T1libFoolabs Xpdf
Timeline
PublishedMar 31
Latest updateMay 14

Description

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Debianxpdf< 3.02-9+3
NVDt1lib/t1lib5.1.2+23
NVDfoolabs/xpdf19 versions+18

Patches

Patch: www.foolabs.comPatch: www.foolabs.com

🔴Vulnerability Details

3
GHSA
GHSA-fwp8-g83m-q34j: t1lib 52022-05-14
OSV
CVE-2011-1552: t1lib 52011-03-31
CVEList
CVE-2011-1552: t1lib 52011-03-31

💥Exploits & PoCs

1
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Remote Buffer Overflow (Metasploit)2011-03-23

📋Vendor Advisories

3
Ubuntu
t1lib vulnerabilities2012-01-19
Red Hat
t1lib: invalid read crash via crafted Type 1 font2011-03-28
Debian
CVE-2011-1552: poppler - t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other produc...2011

💬Community

3
Bugzilla
CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]2012-01-10
Bugzilla
CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font2011-04-01
Bugzilla
CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [epel-5]2011-02-23
CVE-2011-1552 (MEDIUM CVSS 4.3) | t1lib 5.1.2 and earlier | cvebase.io