CVE-2011-5244
Summary
| CVE | CVE-2011-5244 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-11-19 12:10:00 UTC |
| Updated | 2017-08-29 01:30:00 UTC |
| Description | Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. |
Risk And Classification
Problem Types: CWE-189
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Re: Re: CVE request: More Evince overflows | MLIST | www.openwall.com | |
| backends: Fix several security issues in the dvi-backend. (d4139205) · Commits · GNOME / evince · GitLab | MISC | git.gnome.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Bug 643882 – evince: off-by-one in recent afmparse.c fixes | CONFIRM | bugzilla.gnome.org | |
| backends: Fix another security issue in the dvi-backend (439c5070) · Commits · GNOME / evince · GitLab | MISC | git.gnome.org | |
| T1Lib: : Multiple vulnerabilities (GLSA 201701-57) — Gentoo Security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.