CVE-2011-5244
PUBLISHED
CVSS 6.8 MEDIUM
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
EPSS 1.78% · 83.0th percentile
Risk Scores
CVSS v2.0
6.8
EPSS Score
1.78%
83.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| t1lib | t1lib | |
| tetex | tetex | 3.0 |
| gnome | evince | |
| n/a | n/a | n/a |
Timeline
- Nov 19, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- https://bugzilla.gnome.org/show_bug.cgi?id=643882 (url)
- evince-token-code-exec(80271) (vdb)
- [oss-security] 20110304 Re: Re: CVE request: More Evince overflows (mailing-list)
- http://git.gnome.org/browse/evince/commit/?id=d4139205b010 (url)
- GLSA-201701-57 (vendor-advisory)
- http://git.gnome.org/browse/evince/commit/?id=439c5070022e (url)
- https://nvd.nist.gov/vuln/detail/CVE-2011-5244 (advisory)