CVE-2011-5244 - OpenCVE

Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnome	Evince
T1lib	T1lib
Tetex	Tetex

Configuration 1 [-]

OR	cpe:2.3:a:gnome:evince:-:::::::*
	cpe:2.3:a:t1lib:t1lib::::::::
	cpe:2.3:a:tetex:tetex:3.0:::::::*

No data.

References

Link	Providers
http://git.gnome.org/browse/evince/commit/?id=439c5070022e
http://git.gnome.org/browse/evince/commit/?id=d4139205b010
http://www.openwall.com/lists/oss-security/2011/03/04/21
https://bugzilla.gnome.org/show_bug.cgi?id=643882
https://exchange.xforce.ibmcloud.com/vulnerabilities/80271
https://nvd.nist.gov/vuln/detail/CVE-2011-5244
https://security.gentoo.org/glsa/201701-57
https://www.cve.org/CVERecord?id=CVE-2011-5244

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-11-19T11:00:00

Updated: 2024-08-07T00:30:46.795Z

Reserved: 2012-11-18T00:00:00

Link: CVE-2011-5244

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-11-19T12:10:49.337

Modified: 2017-08-29T01:30:46.023

Link: CVE-2011-5244

Redhat

Severity : Moderate

Publid Date: 2011-03-04T00:00:00Z

Links: CVE-2011-5244 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"}, {"name": "evince-token-code-exec(80271)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"}, {"name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"}, {"tags": ["x_refsource_MISC"], "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"}, {"name": "GLSA-201701-57", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-57"}, {"tags": ["x_refsource_MISC"], "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.gnome.org/show_bug.cgi?id=643882", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"}, {"name": "evince-token-code-exec(80271)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"}, {"name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"}, {"name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010", "refsource": "MISC", "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"}, {"name": "GLSA-201701-57", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-57"}, {"name": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e", "refsource": "MISC", "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:30:46.795Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"}, {"name": "evince-token-code-exec(80271)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"}, {"name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"}, {"name": "GLSA-201701-57", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-57"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5244", "datePublished": "2012-11-19T11:00:00", "dateReserved": "2012-11-18T00:00:00", "dateUpdated": "2024-08-07T00:30:46.795Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evince:-:*:*:*:*:*:*:*", "matchCriteriaId": "F97A2BB2-55C9-4F24-9155-F460649282D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:t1lib:t1lib:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6BB7CEC-0058-49F7-BDBF-110969D277D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tetex:tetex:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9178B36F-41D5-4AE7-B9C8-56BDEADE76EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."}, {"lang": "es", "value": "Multiples errores off-by-one en las funciones (1) token y (2) linetoken en backend/dvi/MDVI-lib/afmparse.c en t1lib, tal y como se utiliza en teTeX v3.0.x, GNOME Evince, y posiblemente otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo que contiene un fichero DVI hecho a mano que contiene un archivo Adobe Font Metrics (AFM). Se trata de una vulnerabilidad diferente a CVE-2010-2642 y CVE-2011-0433.\r\n"}], "id": "CVE-2011-5244", "lastModified": "2017-08-29T01:30:46.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-11-19T12:10:49.337", "references": [{"source": "cve@mitre.org", "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"}, {"source": "cve@mitre.org", "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"}, {"source": "cve@mitre.org", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-57"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "t1lib: off-by-one errors in token and linetoken", "id": "878483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=878483"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-193", "details": ["Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."], "name": "CVE-2011-5244", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "evince", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "tetex", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "evince", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python-reportlab", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "t1lib", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "texlive", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2011-03-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-5244\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-5244"], "statement": "Not Vulnerable. This issue did not affect the version of tetex as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of t1lib and evince as shipped with Red Hat Enterprise Linux 6. Because the advisory released to fix CVE-2010-2642 completely resolved the problem without introducing this flaw.", "threat_severity": "Moderate"}