CVE-2010-2641
published 2011-01-07CVE-2010-2641: Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service…
PriorityP336high7.6CVSS 2.0
AVNACHAuNCCICAC
EPSS
4.93%
91.1th percentile
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evince | < evince 2.30.3-2 (bookworm) | evince 2.30.3-2 (bookworm) |
| gnome | evince | >= 0 < 2.30.3-2 | 2.30.3-2 |
| gnome | evince | >= 0 < 2.30.3-2 | 2.30.3-2 |
| gnome | evince | >= 0 < 2.30.3-2 | 2.30.3-2 |
| gnome | evince | >= 0 < 2.30.3-2 | 2.30.3-2 |
| redhat | evince | <= 2.32 | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
| redhat | evince | — | — |
CVSS provenance
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.6HIGH
vendor_debian7.6HIGH
vendor_redhat7.6HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wp3m-2vp9-h8xm: Array index error in the VF font parser in the dvi-backend component in Evince 2
ghsa_unreviewed·2022-05-17
CVE-2010-2641 [HIGH] CWE-20 GHSA-wp3m-2vp9-h8xm: Array index error in the VF font parser in the dvi-backend component in Evince 2
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
OSV
CVE-2010-2641: Array index error in the VF font parser in the dvi-backend component in Evince 2
osv·2011-01-07·CVSS 7.6
CVE-2010-2641 [HIGH] CVE-2010-2641: Array index error in the VF font parser in the dvi-backend component in Evince 2
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Ubuntu
Evince vulnerabilities
vendor_ubuntu·2011-01-05
CVE-2010-2643 Evince vulnerabilities
Title: Evince vulnerabilities
Jon Larimer discovered that Evince's font parsers incorrectly handled
certain buffer lengths when rendering a DVI file. By tricking a user into
opening or previewing a DVI file that uses a specially crafted font file,
an attacker could crash evince or execute arbitrary code with the user's
privileges.
In the default installation of Ubuntu 9.10 and later, attackers would be
isolated by the Evince AppArmor profile.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
evince: Array index errror in DVI file VF font parser
vendor_redhat·2011-01-05·CVSS 7.6
CVE-2010-2641 [HIGH] evince: Array index errror in DVI file VF font parser
evince: Array index errror in DVI file VF font parser
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Statement: This issue did not affect the versions of evince as shipped with Red Hat
Enterprise Linux 5.
Package: evince (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2010-2641: evince - Array index error in the VF font parser in the dvi-backend component in Evince 2...
vendor_debian·2010·CVSS 7.6
CVE-2010-2641 [HIGH] CVE-2010-2641: evince - Array index error in the VF font parser in the dvi-backend component in Evince 2...
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Scope: local
bookworm: resolved (fixed in 2.30.3-2)
bullseye: resolved (fixed in 2.30.3-2)
forky: resolved (fixed in 2.30.3-2)
sid: resolved (fixed in 2.30.3-2)
trixie: resolved (fixed in 2.30.3-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2641 CVE-2010-2642 CVE-2010-2640 CVE-2010-2643 evince various flaws [fedora-all]
bugzilla·2011-01-06·CVSS 7.6
CVE-2010-2641 [HIGH] CVE-2010-2641 CVE-2010-2642 CVE-2010-2640 CVE-2010-2643 evince various flaws [fedora-all]
CVE-2010-2641 CVE-2010-2642 CVE-2010-2640 CVE-2010-2643 evince various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=666314
Please note: this issue a
Bugzilla
CVE-2010-2641 evince: Array index errror in DVI file VF font parser
bugzilla·2010-12-30·CVSS 7.6
CVE-2010-2641 [HIGH] CVE-2010-2641 evince: Array index errror in DVI file VF font parser
CVE-2010-2641 evince: Array index errror in DVI file VF font parser
An array index error in the parser for VF font files, which is used for
rendering DVI files, in the GNOME evince document viewer can lead to local or
remote code execution. Due to insufficient bounds checks when writing to
elements in an array, it's possible to overwrite the address of a function
pointer, leading to possible arbitrary code execution.
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2641 to
this issue.
The vulnerability is present in the code that handles loading of fonts used by
DVI files.To exploit you need two files, a DVI file and the malicious font.
The vulnerability is triggered not only by opening the document in evince, but
also by browsing to a folder which contains the malic
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.htmlhttp://lists.mandriva.com/security-announce/2011-01/msg00006.phphttp://secunia.com/advisories/42769http://secunia.com/advisories/42821http://secunia.com/advisories/42847http://secunia.com/advisories/42872http://www.debian.org/security/2011/dsa-2357http://www.redhat.com/support/errata/RHSA-2011-0009.htmlhttp://www.securityfocus.com/bid/45678http://www.securitytracker.com/id?1024937http://www.ubuntu.com/usn/USN-1035-1http://www.vupen.com/english/advisories/2011/0029http://www.vupen.com/english/advisories/2011/0043http://www.vupen.com/english/advisories/2011/0056http://www.vupen.com/english/advisories/2011/0097http://www.vupen.com/english/advisories/2011/0102https://bugzilla.redhat.com/show_bug.cgi?id=666314http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.htmlhttp://lists.mandriva.com/security-announce/2011-01/msg00006.phphttp://secunia.com/advisories/42769http://secunia.com/advisories/42821http://secunia.com/advisories/42847http://secunia.com/advisories/42872http://www.debian.org/security/2011/dsa-2357http://www.redhat.com/support/errata/RHSA-2011-0009.htmlhttp://www.securityfocus.com/bid/45678http://www.securitytracker.com/id?1024937http://www.ubuntu.com/usn/USN-1035-1http://www.vupen.com/english/advisories/2011/0029http://www.vupen.com/english/advisories/2011/0043http://www.vupen.com/english/advisories/2011/0056http://www.vupen.com/english/advisories/2011/0097http://www.vupen.com/english/advisories/2011/0102https://bugzilla.redhat.com/show_bug.cgi?id=666314
2011-01-07
Published