Improper input validation in Redhat Evince

CVE-2010-2641

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction w…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.082 (92.3th percentile) — read the EPSS interpretation.

Affected products

Redhat Evince — versions 0.1, 0.2, 0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

MDVSA-2011:005 (vendor-advisory, x_refsource_MANDRIVA)
42872 (x_refsource_SECUNIA, third-party-advisory)
ADV-2011-0043 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
ADV-2011-0029 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
FEDORA-2011-0224 (x_refsource_FEDORA, vendor-advisory)
42769 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
ADV-2011-0097 (vdb-entry, x_refsource_VUPEN)
DSA-2357 (vendor-advisory, x_refsource_DEBIAN)
USN-1035-1 (x_refsource_UBUNTU, vendor-advisory)
ADV-2011-0102 (vdb-entry, x_refsource_VUPEN)