LWN.net

evince: arbitrary code execution

Package(s): evince
CVE #(s): CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643
Created: January 5, 2011
Updated: January 30, 2012
Description: From the Ubuntu advisory:

Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privileges.

Alerts:
Debian DSA-2357-1 2011-12-03
Gentoo 201111-10 2011-11-20
SUSE SUSE-SR:2011:005 2011-04-01
openSUSE openSUSE-SU-2011:0140-1 2011-02-28
SUSE SUSE-SR:2011:002 2011-01-25
Mandriva MDVSA-2011:016 2011-01-21
Fedora FEDORA-2011-0224 2011-01-07
Fedora FEDORA-2011-0208 2011-01-07
Red Hat RHSA-2011:0009-01 2011-01-06
Ubuntu USN-1035-1 2011-01-05
Mandriva MDVSA-2011:017 2011-01-21
openSUSE openSUSE-SU-2011:0045-1 2011-01-19
Mandriva MDVSA-2011:005 2011-01-13
Debian DSA-2388-1 2012-01-14
Ubuntu USN-1335-1 2012-01-19
Oracle ELSA-2012-0062 2012-01-25
Red Hat RHSA-2012:0062-01 2012-01-24
Scientific Linux SL-t1li-20120125 2012-01-25
Fedora FEDORA-2012-0289 2012-01-28
Fedora FEDORA-2012-0266 2012-01-28
CentOS CESA-2012:0062 2012-01-30
Red Hat RHSA-2012:0137-01 2012-02-15
Scientific Linux SL-texl-20120215 2012-02-15
CentOS CESA-2012:0137 2012-02-16
Oracle ELSA-2012-0137 2012-02-15
Slackware SSA:2012-228-01 2012-08-15
Red Hat RHSA-2012:1201-01 2012-08-23
CentOS CESA-2012:1201 2012-08-23
Oracle ELSA-2012-1201 2012-08-23
Scientific Linux SL-tete-20120823 2012-08-23
Mandriva MDVSA-2012:144 2012-08-28

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds