CVE-2011-5244
Published 2012-11-19
Priority P429 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.36% (87.2th percentile)
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evince | < evince 2.32.0-1 (bookworm) | evince 2.32.0-1 (bookworm) |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| tetex | tetex | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 7.6 HIGH
vendor_debian · 7.6 HIGH
vendor_redhat · 7.6 HIGH
Red Hat
t1lib: off-by-one errors in token and linetoken
vendor_redhat·2011-03-04·CVSS 7.6
CVE-2011-5244 [HIGH] CWE-193 t1lib: off-by-one errors in token and linetoken
Statement: Not Vulnerable. This issue did not affect the version of tetex as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of t1lib and evince as shipped with Red Hat Enterprise Linux 6, because the advisory released to fix CVE-2010-2642 completely resolved the problem without introducing this flaw.
Debian
CVE-2011-5244: evince - Multiple off-by-one errors in the (1) token and (2) linetoken functions in backe...
vendor_debian·2011·CVSS 7.6
CVE-2011-5244 [HIGH] CVE-2011-5244: evince - Multiple off-by-one errors in the (1) token and (2) linetoken functions in backe...
Scope: local
bookworm: resolved (fixed in 2.32.0-1)
bullseye: resolved (fixed in 2.32.0-1)
forky: resolved (fixed in 2.32.0-1)
sid: resolved (fixed in 2.32.0-1)
trixie: resolved (fixed in 2.32.0-1)
GHSA
GHSA-2jx2-275x-4xpq: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
ghsa_unreviewed·2022-05-17·CVSS 7.6
CVE-2011-5244 [HIGH] GHSA-2jx2-275x-4xpq: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
OSV
CVE-2011-5244: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
osv·2012-11-19·CVSS 7.6
CVE-2011-5244 [HIGH] CVE-2011-5244: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-5244 t1lib: off-by-one errors in token and linetoken
bugzilla·2012-11-20·CVSS 7.6
CVE-2011-5244 [HIGH] CVE-2011-5244 t1lib: off-by-one errors in token and linetoken
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5244 to the following vulnerability:
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5244
[2] http://www.openwall.com/lists/oss-security/2011/03/04/21
[3] http://git.gnome.org/browse/evince/commit/?id=439c5070022e
[4] http://git.gn
Bugzilla
CVE-2011-0433 t1lib: Heap-based buffer overflow DVI file AFM font parser
bugzilla·2011-02-23·CVSS 7.6
CVE-2011-0433 [HIGH] CVE-2011-0433 t1lib: Heap-based buffer overflow DVI file AFM font parser
A heap-based buffer overflow flaw was found in the way AFM font file
parser, used for rendering of DVI files, in GNOME evince document viewer
and other products, processed line tokens from the given input stream.
A remote attacker could provide a DVI file, with embedded specially-crafted
font file, and trick the local user to open it with an application using
the AFM font parser, leading to that particular application crash or,
potentially, arbitrary code execution with the privileges of the user
running the application. Different vulnerability than CVE-2010-2642.
Upstream bug report:
[1] https://bugzilla.gnome.org/show_bug.cgi?id=640923
Upstream patch:
[2] https://bugzilla.gnome.org/show_bug.cgi?id=640923#c1
http://git.gnome.org/browse/evince/commit/?id=439c5070022e
http://git.gnome.org/browse/evince/commit/?id=d4139205b010
http://www.openwall.com/lists/oss-security/2011/03/04/21
https://bugzilla.gnome.org/show_bug.cgi?id=643882
https://exchange.xforce.ibmcloud.com/vulnerabilities/80271
https://security.gentoo.org/glsa/201701-57