CVE-2011-1554

CWE-189CWE-19311 documents9 sources
Severity
4.3MEDIUM
EPSS
6.6%
top 8.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Glyphandcog XpdfreaderT1lib T1libFoolabs Xpdf
Timeline
PublishedMar 31
Latest updateMay 14

Description

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Debianxpdf< 3.02-9+3
NVDt1lib/t1lib5.1.2+23
NVDfoolabs/xpdf19 versions+18

Patches

Patch: www.foolabs.comPatch: www.foolabs.com

🔴Vulnerability Details

3
GHSA
GHSA-23f5-whxg-92j5: Off-by-one error in t1lib 52022-05-14
OSV
CVE-2011-1554: Off-by-one error in t1lib 52011-03-31
CVEList
CVE-2011-1554: Off-by-one error in t1lib 52011-03-31

💥Exploits & PoCs

1
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe ICount' CGI Buffer Overflow (Metasploit)2011-03-24

📋Vendor Advisories

3
Ubuntu
t1lib vulnerabilities2012-01-19
Red Hat
t1lib: Off-by-one via crafted Type 1 font2011-03-28
Debian
CVE-2011-1554: poppler - Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teT...2011

💬Community

3
Bugzilla
CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]2012-01-10
Bugzilla
CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font2011-04-01
Bugzilla
CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [epel-5]2011-02-23
CVE-2011-1554 (MEDIUM CVSS 4.3) | Off-by-one error in t1lib 5.1.2 and | cvebase.io