CVE-2011-3062

Name	CVE-2011-3062
Description	Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chromium-browser (PTS)	jessie, jessie (lts)	57.0.2987.98-1~deb8u1	fixed
	stretch (security), stretch (lts), stretch	71.0.3578.80-1~deb9u1	fixed
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	(unstable)	18.0.1025.142~r129054-1
iceape	source	squeeze	(not affected)
iceape	source	(unstable)	2.7.4-1
icedove	source	squeeze	(not affected)
icedove	source	(unstable)	10.0.4-1
iceweasel	source	squeeze	(not affected)
iceweasel	source	(unstable)	10.0.4esr-1

Notes

[squeeze] - icedove <not-affected> (Vulnerable code not present)
[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
[squeeze] - iceape <not-affected> (Vulnerable code not present)