CVE-2010-2641

CWE-20Improper Input Validation9 documents8 sources
Severity
7.6HIGH
EPSS
8.2%
top 7.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Evince
Timeline
PublishedJan 7
Latest updateMay 17

Description

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

Debianevince< 2.30.3-2+3
NVDredhat/evince2.32+33

Patches

Patch: git.gnome.orgPatch: bugzilla.redhat.comPatch: git.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-wp3m-2vp9-h8xm: Array index error in the VF font parser in the dvi-backend component in Evince 22022-05-17
OSV
CVE-2010-2641: Array index error in the VF font parser in the dvi-backend component in Evince 22011-01-07
CVEList
CVE-2010-2641: Array index error in the VF font parser in the dvi-backend component in Evince 22011-01-07

📋Vendor Advisories

3
Ubuntu
Evince vulnerabilities2011-01-05
Red Hat
evince: Array index errror in DVI file VF font parser2011-01-05
Debian
CVE-2010-2641: evince - Array index error in the VF font parser in the dvi-backend component in Evince 2...2010

💬Community

2
Bugzilla
CVE-2010-2641 CVE-2010-2642 CVE-2010-2640 CVE-2010-2643 evince various flaws [fedora-all]2011-01-06
Bugzilla
CVE-2010-2641 evince: Array index errror in DVI file VF font parser2010-12-30
CVE-2010-2641 (HIGH CVSS 7.6) | Array index error in the VF font pa | cvebase.io