CVE-2011-0433: Buffer Overflow
First published: Wed Feb 23 2011(Updated: )
A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Different vulnerability than <a href="https://access.redhat.com/security/cve/CVE-2010-2642">CVE-2010-2642</a>. Upstream bug report: [1] <a href="https://bugzilla.gnome.org/show_bug.cgi?id=640923">https://bugzilla.gnome.org/show_bug.cgi?id=640923</a> Upstream patch: [2] <a href="https://bugzilla.gnome.org/show_bug.cgi?id=640923#c1">https://bugzilla.gnome.org/show_bug.cgi?id=640923#c1</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tetex Tetex | =3.0 | |
| GNOME evince | ||
| T1lib T1lib |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- https://bugzilla.redhat.com/show_bug.cgi?id=679732
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/
- https://bugzilla.gnome.org/show_bug.cgi?id=640923
- http://secunia.com/advisories/48985
- https://security.gentoo.org/glsa/201701-57
- https://access.redhat.com/security/cve/CVE-2010-2642
- https://bugzilla.gnome.org/show_bug.cgi?id=640923#c1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=679733
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=679734
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=679735
- https://bugzilla.gnome.org/show_bug.cgi?id=643882
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=772899
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=551814&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=551814&action=edit
- https://rhn.redhat.com/errata/RHSA-2012-0062.html
- https://rhn.redhat.com/errata/RHSA-2012-0137.html
- https://rhn.redhat.com/errata/RHSA-2012-1201.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=679732#c0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=666318
- https://access.redhat.com/security/cve/CVE-2011-0433
- http://git.gnome.org/browse/evince/commit/?id=439c5070022e
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=679732#c11
- http://git.gnome.org/browse/evince/commit/?id=efadec4ffcdd
- https://access.redhat.com/security/cve/CVE-2011-5244
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=878483
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=666318#c30
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0433
- vendor/tetex
- canonical/tetex tetex
- version/tetex tetex/3.0
- vendor/gnome
- canonical/gnome evince
- vendor/t1lib
- canonical/t1lib t1lib