ID CVE-2010-2643
Summary Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:evince:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.19:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.20:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.21:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.22:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.23:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.24:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.25:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.26:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.27:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.28:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.28:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.29:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.29:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.29.92:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.29.92:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.30:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.30.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.30.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.30.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.30.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.90:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.90:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.31.92:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.31.92:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:evince:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:evince:2.32:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 19-01-2012 - 03:49)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 666321
title CVE-2010-2643 evince: Integer overflow in DVI file TFM font parser
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment evince is earlier than 0:2.28.2-14.el6_0.1
        oval oval:com.redhat.rhsa:tst:20110009005
      • comment evince is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110009006
    • AND
      • comment evince-devel is earlier than 0:2.28.2-14.el6_0.1
        oval oval:com.redhat.rhsa:tst:20110009009
      • comment evince-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110009010
    • AND
      • comment evince-dvi is earlier than 0:2.28.2-14.el6_0.1
        oval oval:com.redhat.rhsa:tst:20110009011
      • comment evince-dvi is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110009012
    • AND
      • comment evince-libs is earlier than 0:2.28.2-14.el6_0.1
        oval oval:com.redhat.rhsa:tst:20110009007
      • comment evince-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110009008
rhsa
id RHSA-2011:0009
released 2011-01-06
severity Moderate
title RHSA-2011:0009: evince security update (Moderate)
rpms
  • evince-0:2.28.2-14.el6_0.1
  • evince-devel-0:2.28.2-14.el6_0.1
  • evince-dvi-0:2.28.2-14.el6_0.1
  • evince-libs-0:2.28.2-14.el6_0.1
refmap via4
bid 45678
confirm
debian DSA-2357
fedora
  • FEDORA-2011-0208
  • FEDORA-2011-0224
mandriva MDVSA-2011:005
sectrack 1024937
secunia
  • 42769
  • 42821
  • 42847
  • 42872
  • 43068
suse SUSE-SR:2011:002
ubuntu USN-1035-1
vupen
  • ADV-2011-0029
  • ADV-2011-0043
  • ADV-2011-0056
  • ADV-2011-0097
  • ADV-2011-0102
  • ADV-2011-0212
Last major update 19-01-2012 - 03:49
Published 07-01-2011 - 19:00
Back to Top