paul

Advisories MDVSA-2011:005: evince


Multiple vulnerabilities have been found and corrected in evince:

Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer (CVE-2010-2640, CVE-2010-2641).

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer (CVE-2010-2642).

Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer (CVE-2010-2643).

The updated packages have been patched to correct these issues.
