Search for vulnerabilities
Vulnerability details: VCID-9fvm-1dw8-aaah
Vulnerability ID VCID-9fvm-1dw8-aaah
Aliases CVE-2011-1554
Summary Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-193 Off-by-one Error
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0062
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0137
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1201
epss 0.02737 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02737 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02737 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02737 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.02860 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.06576 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
epss 0.1039 https://api.first.org/data/v1/epss?cve=CVE-2011-1554
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=692856
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2011-1554
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2012-1201.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1554.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554
http://secunia.com/advisories/43823
http://secunia.com/advisories/48985
http://securityreason.com/securityalert/8171
http://securitytracker.com/id?1025266
https://security.gentoo.org/glsa/201701-57
http://www.foolabs.com/xpdf/download.html
http://www.kb.cert.org/vuls/id/376500
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.securityfocus.com/archive/1/517205/100/0/threaded
http://www.toucan-system.com/advisories/tssa-2011-01.txt
http://www.vupen.com/english/advisories/2011/0728
692856 https://bugzilla.redhat.com/show_bug.cgi?id=692856
CVE-2011-1554 https://nvd.nist.gov/vuln/detail/CVE-2011-1554
RHSA-2012:0062 https://access.redhat.com/errata/RHSA-2012:0062
RHSA-2012:0137 https://access.redhat.com/errata/RHSA-2012:0137
RHSA-2012:1201 https://access.redhat.com/errata/RHSA-2012:1201
USN-1335-1 https://usn.ubuntu.com/1335-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1554
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.90261
EPSS Score 0.02737
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.