Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2011-0433

Опубликовано: 19 нояб. 2012
Источник: debian
EPSS Низкий

Описание

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
evincefixed2.32.0-1package
evincefixed2.30.3-2+squeeze1squeezepackage
vftoolfixed2.0alpha-4.1package
vftoolfixed2.0alpha-4+squeeze1squeezepackage
vftoolfixed2.0alpha-3+lenny1lennypackage
t1libfixed5.1.2-3.5package
t1libfixed5.1.2-3+lenny1lennypackage
t1libfixed5.1.2-3+squeeze1squeezepackage

Примечания

  • https://bugzilla.gnome.org/show_bug.cgi?id=640923

  • vuln source file is lib/t1lib/parseAFM.c, which differs slightly from evince's afmparse.c in the affected areas but it is indeed affected

  • https://bugzilla.gnome.org/show_bug.cgi?id=640923

  • https://bugzilla.gnome.org/show_bug.cgi?id=643882

EPSS

Процентиль: 84%
0.02421
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2011-0433

ubuntu
больше 12 лет назад

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

redhat логотип

CVE-2011-0433

redhat
больше 14 лет назад

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

nvd логотип

CVE-2011-0433

nvd
больше 12 лет назад

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

github логотип

GHSA-m37c-h529-2gqw

github
около 3 лет назад

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

oracle-oval логотип

ELSA-2012-0137

oracle-oval
больше 13 лет назад

ELSA-2012-0137: texlive security update (MODERATE)

EPSS

Процентиль: 84%
0.02421
Низкий