CVE-2010-2643
published 2011-01-07


Priority: P344 high · 7.6 CVSS 2.0 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EPSS: 5.99% (92.4th percentile)
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Affected

39 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evince | < evince 2.30.3-2 (bookworm) | evince 2.30.3-2 (bookworm) |
| gnome | evince | >= 0 < 2.30.3-2 | 2.30.3-2 |
| redhat | evince | | |

CVSS provenance

nvd: v2.0 · 7.6 HIGH · AV:N/AC:H/Au:N/C:C/I:C/A:C
osv: 7.6 HIGH
vendor_debian: 7.6 HIGH
vendor_redhat: 7.6 HIGH