CVE-2011-0433 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
gnome	evince	-
t1lib	t1lib	*
tetex	tetex	3.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

evince

bullseye	3.38.2-1 fixed
bookworm	43.1-2 fixed
sid	46.3.1-1 fixed
trixie	46.3.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

evince

oneiric	not-affected
natty	Fixed 2.32.0-0ubuntu12.4 released
maverick	Fixed 2.32.0-0ubuntu1.2 released
lucid	Fixed 2.30.3-0ubuntu1.3 released
hardy	ignored

t1lib

oneiric	Fixed 5.1.2-3ubuntu0.11.10.2 released
natty	Fixed 5.1.2-3ubuntu0.11.04.2 released
maverick	Fixed 5.1.2-3ubuntu0.10.10.2 released
lucid	Fixed 5.1.2-3ubuntu0.10.04.2 released
karmic	ignored
hardy	ignored
dapper	ignored

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://rhn.redhat.com/errata/RHSA-2012-1201.html

http://secunia.com/advisories/48985

http://www.mandriva.com/security/advisories?name=MDVSA-2012:144

http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/

https://bugzilla.gnome.org/show_bug.cgi?id=640923

https://bugzilla.redhat.com/show_bug.cgi?id=679732

https://security.gentoo.org/glsa/201701-57

http://rhn.redhat.com/errata/RHSA-2012-1201.html

http://secunia.com/advisories/48985

http://www.mandriva.com/security/advisories?name=MDVSA-2012:144

http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/

https://bugzilla.gnome.org/show_bug.cgi?id=640923

https://bugzilla.redhat.com/show_bug.cgi?id=679732

https://security.gentoo.org/glsa/201701-57