Search for vulnerabilities
Vulnerability details: VCID-z9xc-jkyt-aaaq
Vulnerability ID VCID-z9xc-jkyt-aaaq
Aliases CVE-2011-0764
Summary t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0062
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0137
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1201
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.27818 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.31187 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.49758 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.49758 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.49758 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
epss 0.49758 https://api.first.org/data/v1/epss?cve=CVE-2011-0764
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=692909
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2011-0764
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2012-1201.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0764.json
https://api.first.org/data/v1/epss?cve=CVE-2011-0764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
http://secunia.com/advisories/43823
http://secunia.com/advisories/47347
http://secunia.com/advisories/48985
http://securityreason.com/securityalert/8171
http://securitytracker.com/id?1025266
https://exchange.xforce.ibmcloud.com/vulnerabilities/66208
https://security.gentoo.org/glsa/201701-57
http://www.foolabs.com/xpdf/download.html
http://www.kb.cert.org/vuls/id/376500
http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
http://www.mandriva.com/security/advisories?name=MDVSA-2012:002
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.securityfocus.com/archive/1/517205/100/0/threaded
http://www.securityfocus.com/bid/46941
http://www.toucan-system.com/advisories/tssa-2011-01.txt
http://www.ubuntu.com/usn/USN-1316-1
http://www.vupen.com/english/advisories/2011/0728
692909 https://bugzilla.redhat.com/show_bug.cgi?id=692909
CVE-2011-0764 https://nvd.nist.gov/vuln/detail/CVE-2011-0764
RHSA-2012:0062 https://access.redhat.com/errata/RHSA-2012:0062
RHSA-2012:0137 https://access.redhat.com/errata/RHSA-2012:0137
RHSA-2012:1201 https://access.redhat.com/errata/RHSA-2012:1201
USN-1316-1 https://usn.ubuntu.com/1316-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0764
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96917
EPSS Score 0.27818
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.