Vulnerability CVE-2010-2642: Information
Description
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Severity: HIGH (7.6)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
t1lib | sisyphus | 5.1.2-alt6 | 5.1.2-alt7 | ALT-PU-2020-3095-1 | 260177 | Fixed |
t1lib | p10 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2020-3095-1 | 260177 | Fixed |
t1lib | p9 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2020-3114-1 | 260178 | Fixed |
t1lib | c10f1 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2020-3095-1 | 260177 | Fixed |
t1lib | c9f2 | 5.1.2-alt6 | 5.1.2-alt6 | ALT-PU-2022-1925-1 | 300244 | Fixed |