Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 19/11/2012 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome evince -
tetex tetex 3.0
t1lib t1lib

CWE-189 https://bugzilla.gnome.org/show_bug.cgi?id=643882 http://git.gnome.org/browse/evince/commit/?id=439c5070022e http://www.openwall.com/lists/oss-security/2011/03/04/21 http://git.gnome.org/browse/evince/commit/?id=d4139205b010 https://security.gentoo.org/glsa/201701-57 https://exchange.xforce.ibmcloud.com/vulnerabilities/80271 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-5244

Vulnerability Summary

References

Vulmon Search

About

Products

Connect