CVE-2011-1553

Current Description

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.

Basic Data

Published: March 31, 2011
Last Modified: March 06, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | T1lib | T1lib | 0.1 | alpha | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.2 | beta | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.3 | beta | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.4 | beta | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.5 | beta | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.6 | beta | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.7 | beta | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.8 | beta | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.9 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.9.1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 0.9.2 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 1.0 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 1.0.1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 1.1.0 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 1.1.1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 1.2 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 1.3 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 1.3.1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 5.0.0 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 5.0.1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 5.0.2 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 5.1.0 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | 5.1.1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | T1lib | T1lib | * | * | * | * | * | * | * | * |  | 5.1.2 |  | 
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Application | Foolabs | Xpdf | 0.5a | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.7a | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.91a | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.91b | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.91c | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.92a | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.92b | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.92c | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.92d | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.92e | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.93a | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.93b | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 0.93c | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 1.00a | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 3.0.1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 3.02pl1 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 3.02pl2 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 3.02pl3 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Foolabs | Xpdf | 3.02pl4 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.2 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.3 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.4 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.5 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.6 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.7 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.80 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.90 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.91 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.92 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 0.93 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 1.00 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 1.01 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 2.00 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 2.01 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 2.02 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 2.03 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 3.00 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 3.01 | * | * | * | * | * | * | * |  |  |  | 
      2.3 | Application | Glyphandcog | Xpdfreader | 3.02 | * | * | * | * | * | * | * |  |  |  | 

Vulnerable Software List

Vendor | Product | Versions
Foolabs | Xpdf | 0.5a, 0.7a, 0.91a, 0.91b, 0.91c, 0.92a, 0.92b, 0.92c, 0.92d, 0.92e, 0.93a, 0.93b, 0.93c, 1.00a, 3.0.1, 3.02pl1, 3.02pl2, 3.02pl3, 3.02pl4
Glyphandcog | Xpdfreader | 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.80, 0.90, 0.91, 0.92, 0.93, 1.00, 1.01, 2.00, 2.01, 2.02, 2.03, 3.00, 3.01, 3.02
T1lib | T1lib | *, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 0.9.1, 0.9.2, 1.0, 1.0.1, 1.1.0, 1.1.1, 1.2, 1.3, 1.3.1, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1

References

Name | URL | Source | Tags
RHSA-2012:1201 | http://rhn.redhat.com/errata/RHSA-2012-1201.html | REDHAT | 
43823 | http://secunia.com/advisories/43823 | SECUNIA | Vendor Advisory
48985 | http://secunia.com/advisories/48985 | SECUNIA | 
8171 | http://securityreason.com/securityalert/8171 | SREASON | 
1025266 | http://securitytracker.com/id?1025266 | SECTRACK | 
http://www.foolabs.com/xpdf/download.html | http://www.foolabs.com/xpdf/download.html | CONFIRM | Patch
VU#376500 | http://www.kb.cert.org/vuls/id/376500 | CERT-VN | US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | http://www.kb.cert.org/vuls/id/MAPG-8ECL8X | CONFIRM | US Government Resource
MDVSA-2012:144 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | MANDRIVA | 
20110327 TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution | http://www.securityfocus.com/archive/1/517205/100/0/threaded | BUGTRAQ | 
http://www.toucan-system.com/advisories/tssa-2011-01.txt | http://www.toucan-system.com/advisories/tssa-2011-01.txt | MISC | 
ADV-2011-0728 | http://www.vupen.com/english/advisories/2011/0728 | VUPEN | Vendor Advisory
GLSA-201701-57 | https://security.gentoo.org/glsa/201701-57 | GENTOO | 