exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2010-2641

Status Candidate

Overview

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Related Files

Debian Security Advisory 2357-1
Posted Dec 4, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2357-1 - Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-264320
SHA-256 | 088bf1eb17fbe3e4dd8c9598fa2c61f2c3610609affe9540961885e186473e9e
Gentoo Linux Security Advisory 201111-10
Posted Nov 21, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201111-10 - Multiple vulnerabilities have been found in Evince, allowing remote attackers to execute arbitrary code or cause a Denial of Service. Versions less than 2.32.0-r2 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643
SHA-256 | 2d3af8e84dc45555188f97e7435cca181f767d116ac5c712ff3fc84b51a2268f
Mandriva Linux Security Advisory 2011-005
Posted Jan 14, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-005 - Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643
SHA-256 | 8a323bca36e45ebc77d98eb8446f88075869ded4422a4035e079a4b5a1b2786e
Ubuntu Security Notice USN-1035-1
Posted Jan 6, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1035-1 - Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privileges. In the default installation of Ubuntu 9.10 and later, attackers would be isolated by the Evince AppArmor profile.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643
SHA-256 | e5d2935cdc580c2e43717bbc25c563ae6f614f3b797b3502ef719be947711347
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close