Executive Summary
Summary | |
---|---|
Title | Foolabs Xpdf contains a denial of service vulnerability |
Information | |||
---|---|---|---|
Name | VU#376500 | First vendor Publication | 2011-03-21 |
Vendor | VU-CERT | Last vendor Modification | 2011-04-05 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#376500
Foolabs Xpdf contains a denial of service vulnerability

Overview
Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts.

I. Description
According to Foolabs: Xpdf is an open source viewer for Portable Document Format (PDF) files. (These are sometimes also called 'Acrobat' files, from the name of Adobe's PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities.
Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. This vulnerability may allow an attacker to execute arbitrary code.

II. Impact
A remote attacker can cause the device to crash and may be able to execute arbitrary code.

III. Solution
The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib.
To build Xpdf without t1lib, add the "--with-t1-library=no" flag to the
References
http://www.toucan-system.eu/advisories/tssa-2011-01.txt

Thanks to Jonathan Brossard for reporting this vulnerability.
This document was written by Michael Orlando.
Original Source
Url : http://www.kb.cert.org/vuls/id/376500 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15060 | |||
Oval ID: | oval:org.mitre.oval:def:15060 | ||
Title: | USN-1335-1 -- t1lib vulnerabilities | ||
Description: | t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1335-1 CVE-2010-2642 CVE-2011-0433 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15180 | |||
Oval ID: | oval:org.mitre.oval:def:15180 | ||
Title: | DSA-2388-1 t1lib -- several | ||
Description: | Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts. CVE-2010-2642 A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0433 Another heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0764 An invalid pointer dereference allows execution of arbitrary code using crafted Type 1 fonts. CVE-2011-1552 Another invalid pointer dereference results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1553 A use-after-free vulnerability results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1554 An off-by-one error results in an invalid memory read and application crash, triggered by crafted Type 1 fonts. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2388-1 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15436 | |||
Oval ID: | oval:org.mitre.oval:def:15436 | ||
Title: | USN-1316-1 -- t1lib vulnerability | ||
Description: | t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1316-1 CVE-2011-0764 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20633 | |||
Oval ID: | oval:org.mitre.oval:def:20633 | ||
Title: | RHSA-2012:0137: texlive security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0137-01 CESA-2012:0137 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | texlive |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20742 | |||
Oval ID: | oval:org.mitre.oval:def:20742 | ||
Title: | RHSA-2012:0062: t1lib security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0062-01 CESA-2012:0062 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21325 | |||
Oval ID: | oval:org.mitre.oval:def:21325 | ||
Title: | RHSA-2012:1201: tetex security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1201-00 CESA-2012:1201 CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 107 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tetex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23118 | |||
Oval ID: | oval:org.mitre.oval:def:23118 | ||
Title: | ELSA-2012:1201: tetex security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1201-00 CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | tetex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23773 | |||
Oval ID: | oval:org.mitre.oval:def:23773 | ||
Title: | ELSA-2012:0062: t1lib security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0062-01 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 29 |
Platform(s): | Oracle Linux 6 | Product(s): | t1lib |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27492 | |||
Oval ID: | oval:org.mitre.oval:def:27492 | ||
Title: | DEPRECATED: ELSA-2012-0062 -- t1lib security update (moderate) | ||
Description: | [5.1.2-6.1] - Fixed CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554 Resolves: rhbz#772900 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0062 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | t1lib |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2012-228-01 t1lib File : nvt/esoft_slk_ssa_2012_228_01.nasl |
2012-08-24 | Name : CentOS Update for tetex CESA-2012:1201 centos5 File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl |
2012-08-24 | Name : RedHat Update for tetex RHSA-2012:1201-01 File : nvt/gb_RHSA-2012_1201-01_tetex.nasl |
2012-07-30 | Name : CentOS Update for t1lib CESA-2012:0062 centos6 File : nvt/gb_CESA-2012_0062_t1lib_centos6.nasl |
2012-07-30 | Name : CentOS Update for kpathsea CESA-2012:0137 centos6 File : nvt/gb_CESA-2012_0137_kpathsea_centos6.nasl |
2012-07-09 | Name : RedHat Update for t1lib RHSA-2012:0062-01 File : nvt/gb_RHSA-2012_0062-01_t1lib.nasl |
2012-07-09 | Name : RedHat Update for texlive RHSA-2012:0137-01 File : nvt/gb_RHSA-2012_0137-01_texlive.nasl |
2012-03-19 | Name : Fedora Update for t1lib FEDORA-2012-0289 File : nvt/gb_fedora_2012_0289_t1lib_fc16.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2388-1 (t1lib) File : nvt/deb_2388_1.nasl |
2012-02-01 | Name : Fedora Update for t1lib FEDORA-2012-0266 File : nvt/gb_fedora_2012_0266_t1lib_fc15.nasl |
2012-01-20 | Name : Ubuntu Update for t1lib USN-1335-1 File : nvt/gb_ubuntu_USN_1335_1.nasl |
2012-01-13 | Name : Mandriva Update for t1lib MDVSA-2012:004 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_004.nasl |
2012-01-09 | Name : Mandriva Update for t1lib MDVSA-2012:002 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_002.nasl |
2011-12-23 | Name : Ubuntu Update for t1lib USN-1316-1 File : nvt/gb_ubuntu_USN_1316_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74528 | t1lib PDF Type 1 Font Handling Invalid Memory Write Use-after-free DoS |
74527 | t1lib PDF Type 1 Font Handling Invalid Memory Location DoS |
74526 | t1lib PDF Type 1 Font Handling Off-by-one Overflow DoS |
72302 | t1lib PDF Type 1 Font Handling Invalid Pointer Code Execution A memory corruption flaw exists in t1lib. The font handling function fails to sanitize user-supplied input using Type 1 fonts resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-57.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-249.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-40.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-48.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_t1lib-120423.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120823_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-228-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120215_texlive_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_t1lib_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0289.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0266.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1335-1.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2388.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-004.nasl - Type : ACT_GATHER_INFO |
2012-01-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-002.nasl - Type : ACT_GATHER_INFO |
2011-12-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1316-1.nasl - Type : ACT_GATHER_INFO |