First published: Thu Mar 31 2011(Updated: )
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
CentOS T1lib | <=5.1.2 | |
CentOS T1lib | =0.1-alpha | |
CentOS T1lib | =0.2-beta | |
CentOS T1lib | =0.3-beta | |
CentOS T1lib | =0.4-beta | |
CentOS T1lib | =0.5-beta | |
CentOS T1lib | =0.6-beta | |
CentOS T1lib | =0.7-beta | |
CentOS T1lib | =0.8-beta | |
CentOS T1lib | =0.9 | |
CentOS T1lib | =0.9.1 | |
CentOS T1lib | =0.9.2 | |
CentOS T1lib | =1.0 | |
CentOS T1lib | =1.0.1 | |
CentOS T1lib | =1.1.0 | |
CentOS T1lib | =1.1.1 | |
CentOS T1lib | =1.2 | |
CentOS T1lib | =1.3 | |
CentOS T1lib | =1.3.1 | |
CentOS T1lib | =5.0.0 | |
CentOS T1lib | =5.0.1 | |
CentOS T1lib | =5.0.2 | |
CentOS T1lib | =5.1.0 | |
CentOS T1lib | =5.1.1 | |
Xpdf | =0.5a | |
Xpdf | =0.7a | |
Xpdf | =0.91a | |
Xpdf | =0.91b | |
Xpdf | =0.91c | |
Xpdf | =0.92a | |
Xpdf | =0.92b | |
Xpdf | =0.92c | |
Xpdf | =0.92d | |
Xpdf | =0.92e | |
Xpdf | =0.93a | |
Xpdf | =0.93b | |
Xpdf | =0.93c | |
Xpdf | =1.00a | |
Xpdf | =3.0.1 | |
Xpdf | =3.02pl1 | |
Xpdf | =3.02pl2 | |
Xpdf | =3.02pl3 | |
Xpdf | =3.02pl4 | |
Glyph & Cog XpdfReader | <=3.02 | |
Glyph & Cog XpdfReader | =0.2 | |
Glyph & Cog XpdfReader | =0.3 | |
Glyph & Cog XpdfReader | =0.4 | |
Glyph & Cog XpdfReader | =0.5 | |
Glyph & Cog XpdfReader | =0.6 | |
Glyph & Cog XpdfReader | =0.7 | |
Glyph & Cog XpdfReader | =0.80 | |
Glyph & Cog XpdfReader | =0.90 | |
Glyph & Cog XpdfReader | =0.91 | |
Glyph & Cog XpdfReader | =0.92 | |
Glyph & Cog XpdfReader | =0.93 | |
Glyph & Cog XpdfReader | =1.00 | |
Glyph & Cog XpdfReader | =1.01 | |
Glyph & Cog XpdfReader | =2.00 | |
Glyph & Cog XpdfReader | =2.01 | |
Glyph & Cog XpdfReader | =2.02 | |
Glyph & Cog XpdfReader | =2.03 | |
Glyph & Cog XpdfReader | =3.00 | |
Glyph & Cog XpdfReader | =3.01 | |
Glyph & Cog XpdfReader | =3.02 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-0764 has a high severity rating due to its potential for remote code execution via crafted PDF documents.
To fix CVE-2011-0764, users should upgrade to a patched version of t1lib or any affected software that addresses this vulnerability.
CVE-2011-0764 affects t1lib versions 5.1.2 and earlier.
Yes, CVE-2011-0764 can be exploited remotely by attacking systems that process specifically crafted PDF files with vulnerable t1lib versions.
The consequences of CVE-2011-0764 include unauthorized arbitrary code execution, which could lead to system compromise.