Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.6
CVE Id CVE-2010-2642
Last Modified 11 Feb 2014 11:21:57
Published 07 Jan 2011 02:00:17
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2010-2642

Summary

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Vulnerable Systems

Application

  • Redhat Evince 0.1

  • Redhat Evince 0.2

  • Redhat Evince 0.3

  • Redhat Evince 0.4

  • Redhat Evince 0.5

  • Redhat Evince 0.6

  • Redhat Evince 0.7

  • Redhat Evince 0.8

  • Redhat Evince 0.9

  • Redhat Evince 2.19

  • Redhat Evince 2.20

  • Redhat Evince 2.21

  • Redhat Evince 2.22

  • Redhat Evince 2.23

  • Redhat Evince 2.24

  • Redhat Evince 2.25

  • Redhat Evince 2.26

  • Redhat Evince 2.27

  • Redhat Evince 2.28

  • Redhat Evince 2.29

  • Redhat Evince 2.29.92

  • Redhat Evince 2.30

  • Redhat Evince 2.30.2

  • Redhat Evince 2.30.3

  • Redhat Evince 2.31

  • Redhat Evince 2.31.1

  • Redhat Evince 2.31.2

  • Redhat Evince 2.31.4

  • Redhat Evince 2.31.4.1

  • Redhat Evince 2.31.6

  • Redhat Evince 2.31.6.1

  • Redhat Evince 2.31.90

  • Redhat Evince 2.31.92

  • Redhat Evince 2.32

  • T1lib 5.1.2

  • Tug Tetex 3.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=666318

CONFIRM - http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2

VUPEN - ADV-2011-0194

VUPEN - ADV-2011-0193

VUPEN - ADV-2011-0102

VUPEN - ADV-2011-0097

VUPEN - ADV-2011-0056

VUPEN - ADV-2011-0043

VUPEN - ADV-2011-0029

UBUNTU - USN-1035-1

SECTRACK - 1024937

BID - 45678

REDHAT - RHSA-2011:0009

MANDRIVA - MDVSA-2011:017

MANDRIVA - MDVSA-2011:016

SECUNIA - 42872

SECUNIA - 42847

SECUNIA - 42821

SECUNIA - 42769

MANDRIVA - MDVSA-2011:005

FEDORA - FEDORA-2011-0224

FEDORA - FEDORA-2011-0208

DEBIAN - DSA-2357

MANDRIVA - MDVSA-2012:144

REDHAT - RHSA-2012:1201

SUSE - SUSE-SR:2011:005

Related Patches

Red Hat 2012:1201-01 RHSA Moderate: tetex security update for RHEL 5 x86

Novell SUSE 2011:7324 xpdf security update for SLE 10 SP3 i586


Last Updated: 27 May 2016 10:57:20