CVE-2010-2642


General

Score: 7.6/10.0
Severity: High
Category: Buffer Error

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: High
Authentication: None

Related vulnerabilities

CVE-2010-2640, CVE-2010-2641, CVE-2010-2643, CVE-2010-3702, CVE-2010-3704, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554, CVE-2011-5244

Published on 07/01/11 - Updated on 01/07/17

Description

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability Database CVE-2010-2642
Amazon Linux ALAS-2012-40, ALAS-2012-48
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2011-AVI-005
CentOS CESA-2012:0062, CESA-2012:0137, CESA-2012:1201
Debian DSA-2357-1, DSA-2388-1
Oracle Linux ELSA-2011-0009, ELSA-2012-0062, ELSA-2012-0137, ELSA-2012-1201
Redhat RHSA-2011:0009, RHSA-2012:0062, RHSA-2012:0137
Renater 2011/VULN0015

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor    Product
redhat    evince
t1lib     t1lib
tug       tetex
