CVE-2010-2642
published 2011-01-07

Priority: P343 high
CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EPSS: 14.27% (96.1th percentile)
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Affected

47 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evince | < evince 3.0.2-1 (bookworm) | evince 3.0.2-1 (bookworm) |
| debian | evince | < evince 2.32.0-1 (bookworm) | evince 2.32.0-1 (bookworm) |
| gnome | evince | >= 0 < 3.0.2-1 | 3.0.2-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 3.0.2-1 | 3.0.2-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 3.0.2-1 | 3.0.2-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| gnome | evince | >= 0 < 3.0.2-1 | 3.0.2-1 |
| gnome | evince | >= 0 < 2.32.0-1 | 2.32.0-1 |
| redhat | evince | <= 2.32 | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |
| redhat | evince | | |

CVSS provenance

nvd: v2.0, 7.6 HIGH, AV:N/AC:H/Au:N/C:C/I:C/A:C
osv: 7.6 HIGH
vendor_debian: 7.6 HIGH
vendor_redhat: 7.6 HIGH
vendor_ubuntu: 7.6 HIGH