CVE-2011-0764

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
t1libt1lib
𝑥
≤ 5.1.2
t1libt1lib
0.1:alpha
t1libt1lib
0.2:beta
t1libt1lib
0.3:beta
t1libt1lib
0.4:beta
t1libt1lib
0.5:beta
t1libt1lib
0.6:beta
t1libt1lib
0.7:beta
t1libt1lib
0.8:beta
t1libt1lib
0.9
t1libt1lib
0.9.1
t1libt1lib
0.9.2
t1libt1lib
1.0
t1libt1lib
1.0.1
t1libt1lib
1.1.0
t1libt1lib
1.1.1
t1libt1lib
1.2
t1libt1lib
1.3
t1libt1lib
1.3.1
t1libt1lib
5.0.0
t1libt1lib
5.0.1
t1libt1lib
5.0.2
t1libt1lib
5.1.0
t1libt1lib
5.1.1
foolabsxpdf
0.5a:a
foolabsxpdf
0.7a:a
foolabsxpdf
0.91a:a
foolabsxpdf
0.91b:b
foolabsxpdf
0.91c:c
foolabsxpdf
0.92a:a
foolabsxpdf
0.92b:b
foolabsxpdf
0.92c:c
foolabsxpdf
0.92d:d
foolabsxpdf
0.92e:e
foolabsxpdf
0.93a:a
foolabsxpdf
0.93b:b
foolabsxpdf
0.93c:c
foolabsxpdf
1.00a:a
foolabsxpdf
3.0.1
foolabsxpdf
3.02pl1:pl1
foolabsxpdf
3.02pl2:pl2
foolabsxpdf
3.02pl3:pl3
foolabsxpdf
3.02pl4:pl4
glyphandcogxpdfreader
𝑥
≤ 3.02
glyphandcogxpdfreader
0.2
glyphandcogxpdfreader
0.3
glyphandcogxpdfreader
0.4
glyphandcogxpdfreader
0.5
glyphandcogxpdfreader
0.6
glyphandcogxpdfreader
0.7
glyphandcogxpdfreader
0.80
glyphandcogxpdfreader
0.90
glyphandcogxpdfreader
0.91
glyphandcogxpdfreader
0.92
glyphandcogxpdfreader
0.93
glyphandcogxpdfreader
1.00
glyphandcogxpdfreader
1.01
glyphandcogxpdfreader
2.00
glyphandcogxpdfreader
2.01
glyphandcogxpdfreader
2.02
glyphandcogxpdfreader
2.03
glyphandcogxpdfreader
3.00
glyphandcogxpdfreader
3.01
glyphandcogxpdfreader
3.02
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bullseye (security)
20.09.0-3.1+deb11u1
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bookworm
22.12.0-2
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
xpdf
bullseye
3.04+git20210103-3
fixed
bookworm
3.04+git20220601-1
fixed
sid
3.04+git20240613-1
fixed
trixie
3.04+git20240613-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
t1lib
oneiric
Fixed 5.1.2-3ubuntu0.11.10.1
released
natty
Fixed 5.1.2-3ubuntu0.11.04.1
released
maverick
Fixed 5.1.2-3ubuntu0.10.10.1
released
lucid
Fixed 5.1.2-3ubuntu0.10.04.1
released
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/43823
http://secunia.com/advisories/47347
http://secunia.com/advisories/48985
http://securityreason.com/securityalert/8171
http://securitytracker.com/id?1025266
http://www.foolabs.com/xpdf/download.html
http://www.kb.cert.org/vuls/id/376500
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
http://www.mandriva.com/security/advisories?name=MDVSA-2012:002
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.securityfocus.com/archive/1/517205/100/0/threaded
http://www.securityfocus.com/bid/46941
http://www.toucan-system.com/advisories/tssa-2011-01.txt
http://www.ubuntu.com/usn/USN-1316-1
http://www.vupen.com/english/advisories/2011/0728
https://exchange.xforce.ibmcloud.com/vulnerabilities/66208
https://security.gentoo.org/glsa/201701-57
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/43823
http://secunia.com/advisories/47347
http://secunia.com/advisories/48985
http://securityreason.com/securityalert/8171
http://securitytracker.com/id?1025266
http://www.foolabs.com/xpdf/download.html
http://www.kb.cert.org/vuls/id/376500
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
http://www.mandriva.com/security/advisories?name=MDVSA-2012:002
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.securityfocus.com/archive/1/517205/100/0/threaded
http://www.securityfocus.com/bid/46941
http://www.toucan-system.com/advisories/tssa-2011-01.txt
http://www.ubuntu.com/usn/USN-1316-1
http://www.vupen.com/english/advisories/2011/0728
https://exchange.xforce.ibmcloud.com/vulnerabilities/66208
https://security.gentoo.org/glsa/201701-57