Vulnerability CVE-2010-2642: Information

Description

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Severity: HIGH (7.6)

Published: Jan. 7, 2011
Modified: July 1, 2017
Error type identifier: CWE-119

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| t1lib | sisyphus | 5.1.2-alt6 | 5.1.2-alt7 | ALT-PU-2020-3095-1 | 260177 | Fixed |
| t1lib | p10 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2020-3095-1 | 260177 | Fixed |
| t1lib | p9 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2020-3114-1 | 260178 | Fixed |
| t1lib | c10f1 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2020-3095-1 | 260177 | Fixed |
| t1lib | c9f2 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2022-1925-1 | 300244 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:redhat:evince:2.31.1:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.19:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.29.92:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.27:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.30.3:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.31.6.1:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.31:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.2:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.22:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.8:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.4:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.31.4.1:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.1:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.20:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.21:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.5:*:*:*:*:*:*:*

      cpe:2.3:a:t1lib:t1lib:5.1.2:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.31.92:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.31.2:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.30:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.25:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.29:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.3:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.7:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.31.6:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.24:*:*:*:*:*:*:*

      cpe:2.3:a:tug:tetex:3.0:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.6:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.23:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:0.9:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:*:*:*:*:*:*:*:* (end including 2.32)

      cpe:2.3:a:redhat:evince:2.31.90:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.30.2:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.28:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.26:*:*:*:*:*:*:*

      cpe:2.3:a:redhat:evince:2.31.4:*:*:*:*:*:*:*