Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| T1lib | T1lib | * | 5.1.2 (including) |
| T1lib | T1lib | 0.1-alpha (including) | 0.1-alpha (including) |
| T1lib | T1lib | 0.2-beta (including) | 0.2-beta (including) |
| T1lib | T1lib | 0.3-beta (including) | 0.3-beta (including) |
| T1lib | T1lib | 0.4-beta (including) | 0.4-beta (including) |
| T1lib | T1lib | 0.5-beta (including) | 0.5-beta (including) |
| T1lib | T1lib | 0.6-beta (including) | 0.6-beta (including) |
| T1lib | T1lib | 0.7-beta (including) | 0.7-beta (including) |
| T1lib | T1lib | 0.8-beta (including) | 0.8-beta (including) |
| T1lib | T1lib | 0.9 (including) | 0.9 (including) |
| T1lib | T1lib | 0.9.1 (including) | 0.9.1 (including) |
| T1lib | T1lib | 0.9.2 (including) | 0.9.2 (including) |
| T1lib | T1lib | 1.0 (including) | 1.0 (including) |
| T1lib | T1lib | 1.0.1 (including) | 1.0.1 (including) |
| T1lib | T1lib | 1.1.0 (including) | 1.1.0 (including) |
| T1lib | T1lib | 1.1.1 (including) | 1.1.1 (including) |
| T1lib | T1lib | 1.2 (including) | 1.2 (including) |
| T1lib | T1lib | 1.3 (including) | 1.3 (including) |
| T1lib | T1lib | 1.3.1 (including) | 1.3.1 (including) |
| T1lib | T1lib | 5.0.0 (including) | 5.0.0 (including) |
| T1lib | T1lib | 5.0.1 (including) | 5.0.1 (including) |
| T1lib | T1lib | 5.0.2 (including) | 5.0.2 (including) |
| T1lib | T1lib | 5.1.0 (including) | 5.1.0 (including) |
| T1lib | T1lib | 5.1.1 (including) | 5.1.1 (including) |