Debian Bug report logs - #609534
CVE-2010-2640/CVE-2010-2641/CVE-2010-2642/CVE-2010-2643
Package: evince; Maintainer for evince is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for evince is src:evince (PTS, buildd, popcon)
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
...
Jon Larimer discovered that Evince’s font parsers incorrectly handled
certain buffer lengths when rendering a DVI file. By tricking a user into
opening or previewing a DVI file that uses a specially crafted font file,
an attacker could crash evince or execute arbitrary code with the user’s
privileges ...
t1lib could be made to crash or run programs as your login if it opened a
specially crafted font file ...
Synopsis
Moderate: t1lib security update
Type/Severity
Security Advisory: Moderate
Topic
Updated t1lib packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...
Synopsis
Moderate: texlive security update
Type/Severity
Security Advisory: Moderate
Topic
Updated texlive packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...
Synopsis
Moderate: tetex security update
Type/Severity
Security Advisory: Moderate
Topic
Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...
Jon Larimer from IBM X-Force Advanced Research discovered multiple
vulnerabilities in the DVI backend of the Evince document viewer:
CVE-2010-2640
Insufficient array bounds checks in the PK fonts parser could lead
to function pointer overwrite, causing arbitrary code execution.
CVE-2010-2641
Insufficient array bounds checks in the VF f ...
Several vulnerabilities were discovered in t1lib, a Postscript Type 1
font rasterizer library, some of which might lead to code execution
through the opening of files embedding bad fonts.
CVE-2010-2642
A heap-based buffer overflow in the AFM font metrics parser
potentially leads to the execution of arbitrary code.
CVE-2011-0433
Another heap-bas ...
TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:
Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the util ...
Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2010-2642, CVE-20 ...