Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2010-2643 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Evince Client/Desktop applications / Multimedia software |
Vendor | Gnome Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU33874
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-2643
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
MitigationInstall update from vendor's website.
Vulnerable software versionsEvince: 0.5.2-3
CPE2.3 External linkshttps://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
https://lists.mandriva.com/security-announce/2011-01/msg00006.php
https://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
https://secunia.com/advisories/42769
https://secunia.com/advisories/42821
https://secunia.com/advisories/42847
https://secunia.com/advisories/42872
https://secunia.com/advisories/43068
https://www.debian.org/security/2011/dsa-2357
https://www.redhat.com/support/errata/RHSA-2011-0009.html
https://www.securityfocus.com/bid/45678
https://www.securitytracker.com/id?1024937
https://www.ubuntu.com/usn/USN-1035-1
https://www.vupen.com/english/advisories/2011/0029
https://www.vupen.com/english/advisories/2011/0043
https://www.vupen.com/english/advisories/2011/0056
https://www.vupen.com/english/advisories/2011/0097
https://www.vupen.com/english/advisories/2011/0102
https://www.vupen.com/english/advisories/2011/0212
https://bugzilla.redhat.com/show_bug.cgi?id=666321
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.