CVE-2010-2642

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
redhatevince
𝑥
≤ 2.32
redhatevince
0.1
redhatevince
0.2
redhatevince
0.3
redhatevince
0.4
redhatevince
0.5
redhatevince
0.6
redhatevince
0.7
redhatevince
0.8
redhatevince
0.9
redhatevince
2.19
redhatevince
2.20
redhatevince
2.21
redhatevince
2.22
redhatevince
2.23
redhatevince
2.24
redhatevince
2.25
redhatevince
2.26
redhatevince
2.27
redhatevince
2.28
redhatevince
2.29
redhatevince
2.29.92
redhatevince
2.30
redhatevince
2.30.2
redhatevince
2.30.3
redhatevince
2.31
redhatevince
2.31.1
redhatevince
2.31.2
redhatevince
2.31.4
redhatevince
2.31.4.1
redhatevince
2.31.6
redhatevince
2.31.6.1
redhatevince
2.31.90
redhatevince
2.31.92
t1libt1lib
5.1.2
tugtetex
3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
evince
bullseye
3.38.2-1
fixed
bookworm
43.1-2
fixed
sid
46.3.1-1
fixed
trixie
46.3.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
evince
oneiric
not-affected
natty
Fixed 2.32.0-0ubuntu4
released
maverick
Fixed 2.32.0-0ubuntu1.1
released
lucid
Fixed 2.30.3-0ubuntu1.2
released
karmic
Fixed 2.28.1-0ubuntu1.3
released
hardy
Fixed 2.22.2-0ubuntu2.1
released
dapper
ignored
t1lib
oneiric
Fixed 5.1.2-3ubuntu0.11.10.2
released
natty
Fixed 5.1.2-3ubuntu0.11.04.2
released
maverick
Fixed 5.1.2-3ubuntu0.10.10.2
released
lucid
Fixed 5.1.2-3ubuntu0.10.04.2
released
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
http://lists.mandriva.com/security-announce/2011-01/msg00006.php
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/42769
http://secunia.com/advisories/42821
http://secunia.com/advisories/42847
http://secunia.com/advisories/42872
http://www.debian.org/security/2011/dsa-2357
http://www.mandriva.com/security/advisories?name=MDVSA-2011:016
http://www.mandriva.com/security/advisories?name=MDVSA-2011:017
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.redhat.com/support/errata/RHSA-2011-0009.html
http://www.securityfocus.com/bid/45678
http://www.securitytracker.com/id?1024937
http://www.ubuntu.com/usn/USN-1035-1
http://www.vupen.com/english/advisories/2011/0029
http://www.vupen.com/english/advisories/2011/0043
http://www.vupen.com/english/advisories/2011/0056
http://www.vupen.com/english/advisories/2011/0097
http://www.vupen.com/english/advisories/2011/0102
http://www.vupen.com/english/advisories/2011/0193
http://www.vupen.com/english/advisories/2011/0194
https://bugzilla.redhat.com/show_bug.cgi?id=666318
https://security.gentoo.org/glsa/201701-57
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
http://lists.mandriva.com/security-announce/2011-01/msg00006.php
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/42769
http://secunia.com/advisories/42821
http://secunia.com/advisories/42847
http://secunia.com/advisories/42872
http://www.debian.org/security/2011/dsa-2357
http://www.mandriva.com/security/advisories?name=MDVSA-2011:016
http://www.mandriva.com/security/advisories?name=MDVSA-2011:017
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.redhat.com/support/errata/RHSA-2011-0009.html
http://www.securityfocus.com/bid/45678
http://www.securitytracker.com/id?1024937
http://www.ubuntu.com/usn/USN-1035-1
http://www.vupen.com/english/advisories/2011/0029
http://www.vupen.com/english/advisories/2011/0043
http://www.vupen.com/english/advisories/2011/0056
http://www.vupen.com/english/advisories/2011/0097
http://www.vupen.com/english/advisories/2011/0102
http://www.vupen.com/english/advisories/2011/0193
http://www.vupen.com/english/advisories/2011/0194
https://bugzilla.redhat.com/show_bug.cgi?id=666318
https://security.gentoo.org/glsa/201701-57