Main Vulnerability Database Vulnerabilities #VU33510

Buffer overflow - CVE-2011-1552

Published: April 1, 2011 / Updated: August 4, 2020

Vulnerability identifier: #VU33510

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-1552

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

How to mitigate CVE-2011-1552

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/43823
http://secunia.com/advisories/48985
http://securityreason.com/securityalert/8171
http://securitytracker.com/id?1025266
http://www.foolabs.com/xpdf/download.html
http://www.kb.cert.org/vuls/id/376500
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.securityfocus.com/archive/1/517205/100/0/threaded
http://www.toucan-system.com/advisories/tssa-2011-01.txt
http://www.vupen.com/english/advisories/2011/0728
https://security.gentoo.org/glsa/201701-57

Buffer overflow - CVE-2011-1552

Detailed vulnerability description

How to mitigate CVE-2011-1552

Sources

Please verify you're human