CVE-2011-5244
https://notcve.org/view.php?id=CVE-2011-5244
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. Multiples errores off-by-one en las funciones (1) token y (2) linetoken en backend/dvi/MDVI-lib/afmparse.c en t1lib, tal y como se utiliza en teTeX v3.0.x, GNOME Evince, y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un archivo que contiene un fichero DVI hecho a mano que contiene un archivo Adobe Font Metrics (AFM). Se trata de una vulnerabilidad diferente a CVE-2010-2642 y CVE-2011-0433. • http://git.gnome.org/browse/evince/commit/?id=439c5070022e http://git.gnome.org/browse/evince/commit/?id=d4139205b010 http://www.openwall.com/lists/oss-security/2011/03/04/21 https://bugzilla.gnome.org/show_bug.cgi?id=643882 https://exchange.xforce.ibmcloud.com/vulnerabilities/80271 https://security.gentoo.org/glsa/201701-57 • CWE-189: Numeric Errors •
CVE-2011-0433 – t1lib: Heap-based buffer overflow DVI file AFM font parser
https://notcve.org/view.php?id=CVE-2011-0433
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función linetoken en afmparse.c en t1lib, tal y como se utiliza en teTeX v3.0.x, GNOME Evince, y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un archivo que contiene un DVI que contiene un archivo Adobe Font Metrics (AFM) hecho a mano. Se trata de una vulnerabilidad diferente a CVE-2010-2642. • http://rhn.redhat.com/errata/RHSA-2012-1201.html http://secunia.com/advisories/48985 http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow https://bugzilla.gnome.org/show_bug.cgi?id=640923 https://bugzilla.redhat.com/show_bug.cgi?id=679732 https://security.gentoo.org/glsa/201701-57 https://access.redhat.com/security/cve/CVE-2011-0433 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2010-2642 – t1lib: Heap based buffer overflow in DVI file AFM font parser
https://notcve.org/view.php?id=CVE-2010-2642
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Desbordamiento de búfer basado en memoria dinámica en el validador de fuentes AFM (AFM font parser) en el componente dvi-backend de Evince v2.32 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o puede que ejecutar código de su elección a través de una fuente manipulada junto con un fichero DVI que es procesado por el thumbnailer. • http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html http://lists.mandriva.com/security-announce/2011-01/msg00006.php http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://rhn.redhat.com/errata/RHSA-2012-1201.html http://secunia.com/advisories/42769 http://secunia.com/advisories/4282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2005-3626
https://notcve.org/view.php?id=CVE-2005-3626
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •
CVE-2005-3625
https://notcve.org/view.php?id=CVE-2005-3625
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •