Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | evince | 2.31.90 |
| redhat | evince | 2.30 |
| redhat | evince | 2.31.2 |
| redhat | evince | 2.25 |
| redhat | evince | 2.31.1 |
| redhat | evince | 0.4 |
| redhat | evince | 2.30.2 |
| redhat | evince | 2.31.6 |
| redhat | evince | 0.7 |
| redhat | evince | 2.23 |
| redhat | evince | 0.5 |
| redhat | evince | 2.29 |
| redhat | evince | 0.6 |
| redhat | evince | 0.1 |
| redhat | evince | 2.29.92 |
| redhat | evince | 0.3 |
| redhat | evince | 2.19 |
| redhat | evince | 2.31.92 |
| redhat | evince | 2.27 |
| redhat | evince | 2.21 |
| redhat | evince | 2.30.3 |
| redhat | evince | 2.31 |
| redhat | evince | 2.24 |
| redhat | evince | 2.22 |
| redhat | evince | 2.26 |
| redhat | evince | * |
| redhat | evince | 2.28 |
| redhat | evince | 2.31.4 |
| t1lib | t1lib | 5.1.2 |
| redhat | evince | 0.8 |
| redhat | evince | 0.9 |
| redhat | evince | 2.31.6.1 |
| tug | tetex | 3.0 |
| redhat | evince | 2.20 |
| redhat | evince | 2.31.4.1 |
| redhat | evince | 0.2 |
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t1lib | t1lib | 1.2 |
| foolabs | xpdf | 0.5a |
| t1lib | t1lib | 5.0.2 |
| t1lib | t1lib | 1.0 |
| glyphandcog | xpdfreader | 0.80 |
| t1lib | t1lib | 5.1.0 |
| t1lib | t1lib | 0.6 |
| t1lib | t1lib | 0.9.2 |
| foolabs | xpdf | 1.00a |
| foolabs | xpdf | 0.92a |
| foolabs | xpdf | 0.92e |
| t1lib | t1lib | 0.2 |
| foolabs | xpdf | 0.93c |
| glyphandcog | xpdfreader | 2.03 |
| t1lib | t1lib | 1.0.1 |
| t1lib | t1lib | 1.1.0 |
| foolabs | xpdf | 3.02pl3 |
| t1lib | t1lib | 1.3.1 |
| foolabs | xpdf | 0.93a |
| t1lib | t1lib | 0.7 |
| foolabs | xpdf | 0.93b |
| foolabs | xpdf | 0.92c |
| glyphandcog | xpdfreader | 0.6 |
| glyphandcog | xpdfreader | 3.01 |
| t1lib | t1lib | 0.1 |
| glyphandcog | xpdfreader | 0.7 |
| glyphandcog | xpdfreader | 2.02 |
| foolabs | xpdf | 3.0.1 |
| t1lib | t1lib | 5.0.0 |
| glyphandcog | xpdfreader | 3.02 |
| t1lib | t1lib | 0.3 |
| t1lib | t1lib | 5.0.1 |
| foolabs | xpdf | 0.91a |
| glyphandcog | xpdfreader | 0.3 |
| glyphandcog | xpdfreader | 0.4 |
| t1lib | t1lib | 1.1.1 |
| foolabs | xpdf | 3.02pl4 |
| t1lib | t1lib | 0.8 |
| glyphandcog | xpdfreader | 1.00 |
| glyphandcog | xpdfreader | 0.5 |
| glyphandcog | xpdfreader | 2.00 |
| glyphandcog | xpdfreader | 3.00 |
| t1lib | t1lib | 0.5 |
| glyphandcog | xpdfreader | 0.93 |
| t1lib | t1lib | 5.1.1 |
| foolabs | xpdf | 0.7a |
| foolabs | xpdf | 0.91b |
| foolabs | xpdf | 0.92d |
| glyphandcog | xpdfreader | 1.01 |
| glyphandcog | xpdfreader | 0.91 |
| foolabs | xpdf | 0.91c |
| glyphandcog | xpdfreader | 0.90 |
| t1lib | t1lib | 1.3 |
| glyphandcog | xpdfreader | 2.01 |
| glyphandcog | xpdfreader | * |
| t1lib | t1lib | * |
| t1lib | t1lib | 0.9 |
| foolabs | xpdf | 0.92b |
| foolabs | xpdf | 3.02pl2 |
| foolabs | xpdf | 3.02pl1 |
| glyphandcog | xpdfreader | 0.2 |
| t1lib | t1lib | 0.4 |
| glyphandcog | xpdfreader | 0.92 |
| t1lib | t1lib | 0.9.1 |
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t1lib | t1lib | 1.2 |
| foolabs | xpdf | 0.5a |
| t1lib | t1lib | 5.0.2 |
| t1lib | t1lib | 1.0 |
| glyphandcog | xpdfreader | 0.80 |
| t1lib | t1lib | 5.1.0 |
| t1lib | t1lib | 0.6 |
| t1lib | t1lib | 0.9.2 |
| foolabs | xpdf | 1.00a |
| foolabs | xpdf | 0.92a |
| foolabs | xpdf | 0.92e |
| t1lib | t1lib | 0.2 |
| foolabs | xpdf | 0.93c |
| glyphandcog | xpdfreader | 2.03 |
| t1lib | t1lib | 1.0.1 |
| t1lib | t1lib | 1.1.0 |
| foolabs | xpdf | 3.02pl3 |
| t1lib | t1lib | 1.3.1 |
| foolabs | xpdf | 0.93a |
| t1lib | t1lib | 0.7 |
| foolabs | xpdf | 0.93b |
| foolabs | xpdf | 0.92c |
| glyphandcog | xpdfreader | 0.6 |
| glyphandcog | xpdfreader | 3.01 |
| t1lib | t1lib | 0.1 |
| glyphandcog | xpdfreader | 0.7 |
| glyphandcog | xpdfreader | 2.02 |
| foolabs | xpdf | 3.0.1 |
| t1lib | t1lib | 5.0.0 |
| glyphandcog | xpdfreader | 3.02 |
| t1lib | t1lib | 0.3 |
| t1lib | t1lib | 5.0.1 |
| foolabs | xpdf | 0.91a |
| glyphandcog | xpdfreader | 0.3 |
| glyphandcog | xpdfreader | 0.4 |
| t1lib | t1lib | 1.1.1 |
| foolabs | xpdf | 3.02pl4 |
| t1lib | t1lib | 0.8 |
| glyphandcog | xpdfreader | 1.00 |
| glyphandcog | xpdfreader | 0.5 |
| glyphandcog | xpdfreader | 2.00 |
| glyphandcog | xpdfreader | 3.00 |
| t1lib | t1lib | 0.5 |
| glyphandcog | xpdfreader | 0.93 |
| t1lib | t1lib | 5.1.1 |
| foolabs | xpdf | 0.7a |
| foolabs | xpdf | 0.91b |
| foolabs | xpdf | 0.92d |
| glyphandcog | xpdfreader | 1.01 |
| glyphandcog | xpdfreader | 0.91 |
| foolabs | xpdf | 0.91c |
| glyphandcog | xpdfreader | 0.90 |
| t1lib | t1lib | 1.3 |
| glyphandcog | xpdfreader | 2.01 |
| glyphandcog | xpdfreader | * |
| t1lib | t1lib | * |
| t1lib | t1lib | 0.9 |
| foolabs | xpdf | 0.92b |
| foolabs | xpdf | 3.02pl2 |
| foolabs | xpdf | 3.02pl1 |
| glyphandcog | xpdfreader | 0.2 |
| t1lib | t1lib | 0.4 |
| glyphandcog | xpdfreader | 0.92 |
| t1lib | t1lib | 0.9.1 |
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t1lib | t1lib | 1.2 |
| foolabs | xpdf | 0.5a |
| t1lib | t1lib | 5.0.2 |
| t1lib | t1lib | 1.0 |
| glyphandcog | xpdfreader | 0.80 |
| t1lib | t1lib | 5.1.0 |
| t1lib | t1lib | 0.6 |
| t1lib | t1lib | 0.9.2 |
| foolabs | xpdf | 1.00a |
| foolabs | xpdf | 0.92a |
| foolabs | xpdf | 0.92e |
| t1lib | t1lib | 0.2 |
| foolabs | xpdf | 0.93c |
| glyphandcog | xpdfreader | 2.03 |
| t1lib | t1lib | 1.0.1 |
| t1lib | t1lib | 1.1.0 |
| foolabs | xpdf | 3.02pl3 |
| t1lib | t1lib | 1.3.1 |
| foolabs | xpdf | 0.93a |
| t1lib | t1lib | 0.7 |
| foolabs | xpdf | 0.93b |
| foolabs | xpdf | 0.92c |
| glyphandcog | xpdfreader | 0.6 |
| glyphandcog | xpdfreader | 3.01 |
| t1lib | t1lib | 0.1 |
| glyphandcog | xpdfreader | 0.7 |
| glyphandcog | xpdfreader | 2.02 |
| foolabs | xpdf | 3.0.1 |
| t1lib | t1lib | 5.0.0 |
| glyphandcog | xpdfreader | 3.02 |
| t1lib | t1lib | 0.3 |
| t1lib | t1lib | 5.0.1 |
| foolabs | xpdf | 0.91a |
| glyphandcog | xpdfreader | 0.3 |
| glyphandcog | xpdfreader | 0.4 |
| t1lib | t1lib | 1.1.1 |
| foolabs | xpdf | 3.02pl4 |
| t1lib | t1lib | 0.8 |
| glyphandcog | xpdfreader | 1.00 |
| glyphandcog | xpdfreader | 0.5 |
| glyphandcog | xpdfreader | 2.00 |
| glyphandcog | xpdfreader | 3.00 |
| t1lib | t1lib | 0.5 |
| glyphandcog | xpdfreader | 0.93 |
| t1lib | t1lib | 5.1.1 |
| foolabs | xpdf | 0.7a |
| foolabs | xpdf | 0.91b |
| foolabs | xpdf | 0.92d |
| glyphandcog | xpdfreader | 1.01 |
| glyphandcog | xpdfreader | 0.91 |
| foolabs | xpdf | 0.91c |
| glyphandcog | xpdfreader | 0.90 |
| t1lib | t1lib | 1.3 |
| glyphandcog | xpdfreader | 2.01 |
| glyphandcog | xpdfreader | * |
| t1lib | t1lib | * |
| t1lib | t1lib | 0.9 |
| foolabs | xpdf | 0.92b |
| foolabs | xpdf | 3.02pl2 |
| foolabs | xpdf | 3.02pl1 |
| glyphandcog | xpdfreader | 0.2 |
| t1lib | t1lib | 0.4 |
| glyphandcog | xpdfreader | 0.92 |
| t1lib | t1lib | 0.9.1 |
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t1lib | t1lib | 1.2 |
| foolabs | xpdf | 0.5a |
| t1lib | t1lib | 5.0.2 |
| t1lib | t1lib | 1.0 |
| glyphandcog | xpdfreader | 0.80 |
| t1lib | t1lib | 5.1.0 |
| t1lib | t1lib | 0.6 |
| t1lib | t1lib | 0.9.2 |
| foolabs | xpdf | 1.00a |
| foolabs | xpdf | 0.92a |
| foolabs | xpdf | 0.92e |
| t1lib | t1lib | 0.2 |
| foolabs | xpdf | 0.93c |
| glyphandcog | xpdfreader | 2.03 |
| t1lib | t1lib | 1.0.1 |
| t1lib | t1lib | 1.1.0 |
| foolabs | xpdf | 3.02pl3 |
| t1lib | t1lib | 1.3.1 |
| foolabs | xpdf | 0.93a |
| t1lib | t1lib | 0.7 |
| foolabs | xpdf | 0.93b |
| foolabs | xpdf | 0.92c |
| glyphandcog | xpdfreader | 0.6 |
| glyphandcog | xpdfreader | 3.01 |
| t1lib | t1lib | 0.1 |
| glyphandcog | xpdfreader | 0.7 |
| glyphandcog | xpdfreader | 2.02 |
| foolabs | xpdf | 3.0.1 |
| t1lib | t1lib | 5.0.0 |
| glyphandcog | xpdfreader | 3.02 |
| t1lib | t1lib | 0.3 |
| t1lib | t1lib | 5.0.1 |
| foolabs | xpdf | 0.91a |
| glyphandcog | xpdfreader | 0.3 |
| glyphandcog | xpdfreader | 0.4 |
| t1lib | t1lib | 1.1.1 |
| foolabs | xpdf | 3.02pl4 |
| t1lib | t1lib | 0.8 |
| glyphandcog | xpdfreader | 1.00 |
| glyphandcog | xpdfreader | 0.5 |
| glyphandcog | xpdfreader | 2.00 |
| glyphandcog | xpdfreader | 3.00 |
| t1lib | t1lib | 0.5 |
| glyphandcog | xpdfreader | 0.93 |
| t1lib | t1lib | 5.1.1 |
| foolabs | xpdf | 0.7a |
| foolabs | xpdf | 0.91b |
| foolabs | xpdf | 0.92d |
| glyphandcog | xpdfreader | 1.01 |
| glyphandcog | xpdfreader | 0.91 |
| foolabs | xpdf | 0.91c |
| glyphandcog | xpdfreader | 0.90 |
| t1lib | t1lib | 1.3 |
| glyphandcog | xpdfreader | 2.01 |
| glyphandcog | xpdfreader | * |
| t1lib | t1lib | * |
| t1lib | t1lib | 0.9 |
| foolabs | xpdf | 0.92b |
| foolabs | xpdf | 3.02pl2 |
| foolabs | xpdf | 3.02pl1 |
| glyphandcog | xpdfreader | 0.2 |
| t1lib | t1lib | 0.4 |
| glyphandcog | xpdfreader | 0.92 |
| t1lib | t1lib | 0.9.1 |