CVE-2010-2641

Published: 07/01/2011 Updated: 19/01/2012
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and previous versions allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Vulnerable Product

redhat evince

redhat evince 2.31

redhat evince 2.24

redhat evince 2.28

redhat evince 2.27

redhat evince 2.20

redhat evince 2.19

redhat evince 0.3

redhat evince 0.2

redhat evince 2.30.3

redhat evince 2.30.2

redhat evince 2.30

redhat evince 2.29

redhat evince 2.22

redhat evince 2.21

redhat evince 0.5

redhat evince 0.4

redhat evince 2.31.90

redhat evince 2.31.4

redhat evince 2.23

redhat evince 0.7

redhat evince 0.6

redhat evince 2.31.6

redhat evince 2.31.6.1

redhat evince 2.29.92

redhat evince 2.26

redhat evince 2.25

redhat evince 0.9

redhat evince 0.8

redhat evince 0.1

redhat evince 2.31.92

redhat evince 2.31.4.1

redhat evince 2.31.2

redhat evince 2.31.1

Vendor Advisories

Debian Bug report logs - #609534: CVE-2010-2640/CVE-2010-2641/CVE-2010-2642/CVE-2010-2643. Package: evince; Maintainer for evince is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for evince is src:evince (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de> ...

Jon Larimer discovered that Evince’s font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user’s privileges ...

Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the Evince document viewer: CVE-2010-2640: Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2641: Insufficient array bounds checks in the VF f ...