Vulnerability in Redhat Evince
CVE-2010-2643
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
EPSS: 0.078 (92.1th percentile) — read the EPSS interpretation.
Affected products
- Redhat Evince — versions 0.1, 0.2, 0.3
- N/a — versions n/a
Weakness classification (CWE)
References
- 43068 (x_refsource_SECUNIA, third-party-advisory)
- MDVSA-2011:005 (vendor-advisory, x_refsource_MANDRIVA)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- 42872 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2011-0212 (vdb-entry, x_refsource_VUPEN)
- ADV-2011-0043 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- ADV-2011-0029 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- FEDORA-2011-0224 (x_refsource_FEDORA, vendor-advisory)
- 42769 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- ADV-2011-0097 (vdb-entry, x_refsource_VUPEN)