Buffer overflow in Gnome Evince

CVE-2011-0433

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary cod…

Vulnerability class: Buffer Overflow

EPSS: 0.019 (83.6th percentile) — read the EPSS interpretation.

Affected products

Gnome Evince
T1lib
Tetex — versions 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
48985 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_MISC)
RHSA-2012:1201 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
MDVSA-2012:144 (vendor-advisory, x_refsource_MANDRIVA)
GLSA-201701-57 (vendor-advisory, x_refsource_GENTOO)