CVE-2010-2642
Severity
7.6 HIGH
EPSS
14.8%
top 5.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 7
Latest update: May 17
Description
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CVSS vector
AV:N/AC:H/C:C/I:C/A:C
Exploitability: 4.9 | Impact: 10.0
Affected Packages: 4 packages
Patches
🔴 Vulnerability Details (3)
GHSA
GHSA-3p5c-p75q-mfgv: Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2 (2022-05-17)
OSV
CVE-2010-2642: Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2 (2011-01-07)
CVEList
CVE-2010-2642: Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2 (2011-01-07)
📋 Vendor Advisories (6)
💬 Community (6)
Bugzilla
CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all] (2012-01-10)
Bugzilla
CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser [epel-5] (2011-02-21)
Bugzilla
CVE-2010-2641 CVE-2010-2642 CVE-2010-2640 CVE-2010-2643 evince various flaws [fedora-all] (2011-01-06)