CVE-2010-2643
Published: 2011-01-07
Priority: P3 · 44 · high · 7.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS: 5.99% (92.4th percentile)
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evince | < evince 2.30.3-2 (bookworm) | evince 2.30.3-2 (bookworm) |
| gnome | evince | >= 0 < 2.30.3-2 | 2.30.3-2 |
| redhat | evince | — | — |
CVSS provenance
nvd · v2.0 · 7.6 · HIGH · AV:N/AC:H/Au:N/C:C/I:C/A:C
osv · 7.6 · HIGH
vendor_debian · 7.6 · HIGH
vendor_redhat · 7.6 · HIGH
GHSA
GHSA-pgxj-rq3f-m3h9: Integer overflow in the TFM font parser in the dvi-backend component in Evince 2
ghsa_unreviewed·2022-05-17
OSV
CVE-2010-2643: Integer overflow in the TFM font parser in the dvi-backend component in Evince 2
osv·2011-01-07·CVSS 7.6
Red Hat
evince: Integer overflow in DVI file TFM font parser
vendor_redhat·2011-01-05·CVSS 7.6
CVE-2010-2643 [HIGH] CWE-190 evince: Integer overflow in DVI file TFM font parser
Statement: This issue did not affect the versions of evince as shipped with Red Hat
Enterprise Linux 5.
Package: evince (Red Hat Enterprise Linux 5) - Not affected
Ubuntu
Evince vulnerabilities
vendor_ubuntu·2011-01-05
Jon Larimer discovered that Evince's font parsers incorrectly handled
certain buffer lengths when rendering a DVI file. By tricking a user into
opening or previewing a DVI file that uses a specially crafted font file,
an attacker could crash evince or execute arbitrary code with the user's
privileges.
In the default installation of Ubuntu 9.10 and later, attackers would be
isolated by the Evince AppArmor profile.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2010-2643: evince - Integer overflow in the TFM font parser in the dvi-backend component in Evince 2...
vendor_debian·2010·CVSS 7.6
Scope: local
bookworm: resolved (fixed in 2.30.3-2)
bullseye: resolved (fixed in 2.30.3-2)
forky: resolved (fixed in 2.30.3-2)
sid: resolved (fixed in 2.30.3-2)
trixie: resolved (fixed in 2.30.3-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2641 CVE-2010-2642 CVE-2010-2640 CVE-2010-2643 evince various flaws [fedora-all]
bugzilla·2011-01-06·CVSS 7.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=666314
Please note: this issue a
Bugzilla
CVE-2010-2643 evince: Integer overflow in DVI file TFM font parser
bugzilla·2010-12-30·CVSS 7.6
An integer overflow vulnerability was found in the parser for TFM
font files, which are used for rendering DVI files, in the GNOME
evince document viewer that can lead to local or remote code execution.
Due to insufficient checks on the value of an integer used as the size
for a memory allocation, it's possible to write data beyond the bounds
of the allocated memory and overwrite a function pointer, leading to
code execution.
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2643 to
this issue.
The vulnerability is present in the code that handles loading of fonts used by
DVI files. To exploit you need two files, a DVI file and the malicious font.
The vulnerability is triggered not only by opening the d
References
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
http://lists.mandriva.com/security-announce/2011-01/msg00006.php
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/42769
http://secunia.com/advisories/42821
http://secunia.com/advisories/42847
http://secunia.com/advisories/42872
http://secunia.com/advisories/43068
http://www.debian.org/security/2011/dsa-2357
http://www.redhat.com/support/errata/RHSA-2011-0009.html
http://www.securityfocus.com/bid/45678
http://www.securitytracker.com/id?1024937
http://www.ubuntu.com/usn/USN-1035-1
http://www.vupen.com/english/advisories/2011/0029
http://www.vupen.com/english/advisories/2011/0043
http://www.vupen.com/english/advisories/2011/0056
http://www.vupen.com/english/advisories/2011/0097
http://www.vupen.com/english/advisories/2011/0102
http://www.vupen.com/english/advisories/2011/0212
https://bugzilla.redhat.com/show_bug.cgi?id=666321
Published: 2011-01-07