Summary
Detail | | | |
---|---|---|---|
Vendor | t1lib | First view | 2011-03-31 |
Product | t1lib | Last view | 2011-03-31 |
Version | 0.6 | Type | Application |
Update | beta | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:t1lib:t1lib | | |
Activity : Overall
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
4.3 | 2011-03-31 | CVE-2011-1554 | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. |
4.3 | 2011-03-31 | CVE-2011-1553 | Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764. |
4.3 | 2011-03-31 | CVE-2011-1552 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764. |
6.8 | 2011-03-31 | CVE-2011-0764 | t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (1) | CWE-399 | Resource Management Errors |
25% (1) | CWE-189 | Numeric Errors |
25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
74528 | t1lib PDF Type 1 Font Handling Invalid Memory Write Use-after-free DoS |
74527 | t1lib PDF Type 1 Font Handling Invalid Memory Location DoS |
74526 | t1lib PDF Type 1 Font Handling Off-by-one Overflow DoS |
72302 | t1lib PDF Type 1 Font Handling Invalid Pointer Code Execution |
OpenVAS Exploits
Date | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2012-228-01 t1lib File : nvt/esoft_slk_ssa_2012_228_01.nasl |
2012-08-24 | Name : CentOS Update for tetex CESA-2012:1201 centos5 File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl |
2012-08-24 | Name : RedHat Update for tetex RHSA-2012:1201-01 File : nvt/gb_RHSA-2012_1201-01_tetex.nasl |
2012-07-30 | Name : CentOS Update for t1lib CESA-2012:0062 centos6 File : nvt/gb_CESA-2012_0062_t1lib_centos6.nasl |
2012-07-30 | Name : CentOS Update for kpathsea CESA-2012:0137 centos6 File : nvt/gb_CESA-2012_0137_kpathsea_centos6.nasl |
2012-07-09 | Name : RedHat Update for t1lib RHSA-2012:0062-01 File : nvt/gb_RHSA-2012_0062-01_t1lib.nasl |
2012-07-09 | Name : RedHat Update for texlive RHSA-2012:0137-01 File : nvt/gb_RHSA-2012_0137-01_texlive.nasl |
2012-03-19 | Name : Fedora Update for t1lib FEDORA-2012-0289 File : nvt/gb_fedora_2012_0289_t1lib_fc16.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2388-1 (t1lib) File : nvt/deb_2388_1.nasl |
2012-02-01 | Name : Fedora Update for t1lib FEDORA-2012-0266 File : nvt/gb_fedora_2012_0266_t1lib_fc15.nasl |
2012-01-20 | Name : Ubuntu Update for t1lib USN-1335-1 File : nvt/gb_ubuntu_USN_1335_1.nasl |
2012-01-13 | Name : Mandriva Update for t1lib MDVSA-2012:004 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_004.nasl |
2012-01-09 | Name : Mandriva Update for t1lib MDVSA-2012:002 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_002.nasl |
2011-12-23 | Name : Ubuntu Update for t1lib USN-1316-1 File : nvt/gb_ubuntu_USN_1316_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-24 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-57.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-249.nasl - Type: ACT_GATHER_INFO |
2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-40.nasl - Type: ACT_GATHER_INFO |
2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-48.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-0062.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-0137.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-1201.nasl - Type: ACT_GATHER_INFO |
2013-01-25 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_t1lib-120423.nasl - Type: ACT_GATHER_INFO |
2012-08-24 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2012-1201.nasl - Type: ACT_GATHER_INFO |
2012-08-24 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120823_tetex_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1201.nasl - Type: ACT_GATHER_INFO |
2012-08-16 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2012-228-01.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120215_texlive_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120124_t1lib_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-02-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2012-0137.nasl - Type: ACT_GATHER_INFO |
2012-02-16 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-0137.nasl - Type: ACT_GATHER_INFO |
2012-01-31 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2012-0062.nasl - Type: ACT_GATHER_INFO |
2012-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2012-0289.nasl - Type: ACT_GATHER_INFO |
2012-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2012-0266.nasl - Type: ACT_GATHER_INFO |
2012-01-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-0062.nasl - Type: ACT_GATHER_INFO |
2012-01-20 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1335-1.nasl - Type: ACT_GATHER_INFO |
2012-01-16 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2388.nasl - Type: ACT_GATHER_INFO |
2012-01-13 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2012-004.nasl - Type: ACT_GATHER_INFO |
2012-01-03 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2012-002.nasl - Type: ACT_GATHER_INFO |
2011-12-22 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1316-1.nasl - Type: ACT_GATHER_INFO |