Computer Security
[EN] securityvulns.ru no-pyccku


evince buffer overflows
Published:07.01.2011
Source:
SecurityVulns ID:11339
Type:local
Threat Level:
4/10
Description:Buffer overflows on malformed fonts during DVI files processing.
CVE:CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
 CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
 CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
 CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
Original documentdocumentUBUNTU, [USN-1035-1] Evince vulnerabilities (07.01.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod