Vulnerability Details : CVE-2010-2641
Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Vulnerability category: Input validationExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2641
Probability of exploitation activity in the next 30 days: 9.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2641
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST |
CWE ids for CVE-2010-2641
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2641
-
http://www.vupen.com/english/advisories/2011/0102
Webmail | OVH- OVH
-
http://www.ubuntu.com/usn/USN-1035-1
USN-1035-1: Evince vulnerabilities | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
[SECURITY] Fedora 14 Update: evince-2.32.0-3.fc14
-
http://www.vupen.com/english/advisories/2011/0029
Webmail | OVH- OVHVendor Advisory
-
http://www.securityfocus.com/bid/45678
Evince Multiple Remote Code Execution Vulnerabilities
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
[SECURITY] Fedora 13 Update: evince-2.30.3-2.fc13
-
http://www.debian.org/security/2011/dsa-2357
Debian -- Security Information -- DSA-2357-1 evince
-
https://bugzilla.redhat.com/show_bug.cgi?id=666314
666314 – (CVE-2010-2641) CVE-2010-2641 evince: Array index errror in DVI file VF font parserPatch
-
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
backends: Fix several security issues in the dvi-backend. (d4139205) · Commits · GNOME / evince · GitLabPatch
-
http://www.vupen.com/english/advisories/2011/0043
Webmail | OVH- OVHVendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2011-0009.html
Support
-
http://www.vupen.com/english/advisories/2011/0056
Webmail | OVH- OVH
-
http://lists.mandriva.com/security-announce/2011-01/msg00006.php
mandriva.com
-
http://www.securitytracker.com/id?1024937
Evince Font Parsing Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.vupen.com/english/advisories/2011/0097
Webmail | OVH- OVH
Products affected by CVE-2010-2641
- cpe:2.3:a:redhat:evince:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.92:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.90:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.25:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.24:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.29:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.28:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.29.92:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.31:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.23:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.30.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.30.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.27:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.26:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:evince:0.1:*:*:*:*:*:*:*