|Date: (C)2011-03-31 (M)2017-07-06|
|CVSS Score: 4.3||Access Vector: NETWORK|
|Exploitability Subscore: 8.6||Access Complexity: MEDIUM|
|Impact Subscore: 2.9||Authentication: NONE|
| ||Confidentiality: NONE|
| ||Integrity: NONE|
| ||Availability: PARTIAL|
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.