Improper input validation in Foolabs Xpdf
CVE-2011-0764
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.131 (95.8th percentile) — read the EPSS interpretation.
Affected products
- Foolabs Xpdf — versions 0.5a, 0.7a, 0.91a
- Glyphandcog Xpdfreader — versions 0.2, 0.3, 0.4
- T1lib — versions 0.1, 0.2, 0.3
- N/a — versions n/a
Weakness classification (CWE)
References
- cret@cert.org (vendor-advisory, x_refsource_MANDRIVA)
- cret@cert.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cret@cert.org (x_refsource_SECUNIA, third-party-advisory)
- cret@cert.org (x_refsource_SECUNIA, third-party-advisory)
- cret@cert.org (x_refsource_SREASON, third-party-advisory)
- cret@cert.org (x_refsource_CONFIRM, US Government Resource)
- cret@cert.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- cret@cert.org (vdb-entry, x_refsource_XF)
- cret@cert.org (x_refsource_REDHAT, vendor-advisory)
- cret@cert.org (x_refsource_CONFIRM, Patch)