Published on 07/01/11 - Updated on 01/07/17
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CESA-2012:0062, CESA-2012:0137, CESA-2012:1201
ELSA-2011-0009, ELSA-2012-0062, ELSA-2012-0137, ELSA-2012-1201
RHSA-2011:0009, RHSA-2012:0062, RHSA-2012:0137
No exploits available for this CVE in our database.