CVE-2010-2640 — Improper Input Validation in Redhat Evince

CWE-20 — Improper Input Validation9 documents8 sources

Severity

7.6HIGHNVD

EPSS

8.2%

top 7.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Evince Redhat Evince

Timeline

PublishedJan 7

Latest updateMay 17

Description

Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶Debiangnome/evince< 2.30.3-2+3

▶NVDredhat/evince2.32+33

Patches

Patch: git.gnome.org ↗Patch: bugzilla.redhat.com ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-8g52-q4jc-4p2g: Array index error in the PK font parser in the dvi-backend component in Evince 2↗2022-05-17

▶

OSV

CVE-2010-2640: Array index error in the PK font parser in the dvi-backend component in Evince 2↗2011-01-07

▶

CVEList

CVE-2010-2640: Array index error in the PK font parser in the dvi-backend component in Evince 2↗2011-01-07

▶

📋Vendor Advisories

Ubuntu

Evince vulnerabilities↗2011-01-05

▶

Red Hat

evince: Array index errror in DVI file PK font parser↗2011-01-05

▶

Debian

CVE-2010-2640: evince - Array index error in the PK font parser in the dvi-backend component in Evince 2...↗2010

▶

💬Community

Bugzilla

CVE-2010-2641 CVE-2010-2642 CVE-2010-2640 CVE-2010-2643 evince various flaws [fedora-all]↗2011-01-06

▶

Bugzilla

CVE-2010-2640 evince: Array index errror in DVI file PK font parser↗2010-12-30

▶