#VU33874 Input validation error in Evince - CVE-2010-2643
Vulnerability identifier: #VU33874
Vulnerability risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Evince
Client/Desktop applications /
Multimedia software
Vendor: Gnome Development Team
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Evince: 0.5.2-3
External links
https://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
https://lists.mandriva.com/security-announce/2011-01/msg00006.php
https://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
https://secunia.com/advisories/42769
https://secunia.com/advisories/42821
https://secunia.com/advisories/42847
https://secunia.com/advisories/42872
https://secunia.com/advisories/43068
https://www.debian.org/security/2011/dsa-2357
https://www.redhat.com/support/errata/RHSA-2011-0009.html
https://www.securityfocus.com/bid/45678
https://www.securitytracker.com/id?1024937
https://www.ubuntu.com/usn/USN-1035-1
https://www.vupen.com/english/advisories/2011/0029
https://www.vupen.com/english/advisories/2011/0043
https://www.vupen.com/english/advisories/2011/0056
https://www.vupen.com/english/advisories/2011/0097
https://www.vupen.com/english/advisories/2011/0102
https://www.vupen.com/english/advisories/2011/0212
https://bugzilla.redhat.com/show_bug.cgi?id=666321
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
