Executive Summary
Summary | |
---|---|
Title | evince security update |
Informations | |||
---|---|---|---|
Name | DSA-2357 | First vendor Publication | 2011-12-03 |
Vendor | Debian | Last vendor Modification | 2011-12-03 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer: CVE-2010-2640 Insuficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2641 Insuficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2642 Insuficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on heap could lead to arbitrary memory overwrite and arbitrary code execution. CVE-2010-2643 Insuficient check on an integer used as a size for memory allocation can lead to arbitrary write outside the allocated range and cause arbitrary code execution. For the oldstable distribution (lenny), this problem has been fixed in version 2.22.2-4~lenny2. For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641 and CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for CVE-2010-2642 was incomplete. The final fix is present in version 2.30.3-2+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 3.0.2. For the unstable distribution (sid), this problem has been fixed in version 3.0.2. We recommend that you upgrade your evince packages. |
Original Source
Url : http://www.debian.org/security/2011/dsa-2357 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-20 | Improper Input Validation |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15071 | |||
Oval ID: | oval:org.mitre.oval:def:15071 | ||
Title: | DSA-2357-1 evince -- several | ||
Description: | Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer: CVE-2010-2640 Insuficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2641 Insuficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2642 Insuficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on heap could lead to arbitrary memory overwrite and arbitrary code execution. CVE-2010-2643 Insuficient check on an integer used as a size for memory allocation can lead to arbitrary write outside the allocated range and cause arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2357-1 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | evince |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21458 | |||
Oval ID: | oval:org.mitre.oval:def:21458 | ||
Title: | RHSA-2011:0009: evince security update (Moderate) | ||
Description: | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0009-01 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | evince |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23578 | |||
Oval ID: | oval:org.mitre.oval:def:23578 | ||
Title: | ELSA-2011:0009: evince security update (Moderate) | ||
Description: | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0009-01 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | evince |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27964 | |||
Oval ID: | oval:org.mitre.oval:def:27964 | ||
Title: | DEPRECATED: ELSA-2011-0009 -- evince security update (moderate) | ||
Description: | [2.28.2-14.el6_0.1] - Fixes CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 - Resolves: #666323 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0009 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | evince |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2012-228-01 t1lib File : nvt/esoft_slk_ssa_2012_228_01.nasl |
2012-08-24 | Name : CentOS Update for tetex CESA-2012:1201 centos5 File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl |
2012-08-24 | Name : RedHat Update for tetex RHSA-2012:1201-01 File : nvt/gb_RHSA-2012_1201-01_tetex.nasl |
2012-07-30 | Name : CentOS Update for t1lib CESA-2012:0062 centos6 File : nvt/gb_CESA-2012_0062_t1lib_centos6.nasl |
2012-07-30 | Name : CentOS Update for kpathsea CESA-2012:0137 centos6 File : nvt/gb_CESA-2012_0137_kpathsea_centos6.nasl |
2012-07-09 | Name : RedHat Update for t1lib RHSA-2012:0062-01 File : nvt/gb_RHSA-2012_0062-01_t1lib.nasl |
2012-07-09 | Name : RedHat Update for texlive RHSA-2012:0137-01 File : nvt/gb_RHSA-2012_0137-01_texlive.nasl |
2012-06-05 | Name : RedHat Update for evince RHSA-2011:0009-01 File : nvt/gb_RHSA-2011_0009-01_evince.nasl |
2012-03-19 | Name : Fedora Update for t1lib FEDORA-2012-0289 File : nvt/gb_fedora_2012_0289_t1lib_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-10 (evince) File : nvt/glsa_201111_10.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2388-1 (t1lib) File : nvt/deb_2388_1.nasl |
2012-02-01 | Name : Fedora Update for t1lib FEDORA-2012-0266 File : nvt/gb_fedora_2012_0266_t1lib_fc15.nasl |
2012-01-20 | Name : Ubuntu Update for t1lib USN-1335-1 File : nvt/gb_ubuntu_USN_1335_1.nasl |
2012-01-13 | Name : Mandriva Update for t1lib MDVSA-2012:004 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_004.nasl |
2011-01-24 | Name : Mandriva Update for t1lib MDVSA-2011:016 (t1lib) File : nvt/gb_mandriva_MDVSA_2011_016.nasl |
2011-01-24 | Name : Mandriva Update for tetex MDVSA-2011:017 (tetex) File : nvt/gb_mandriva_MDVSA_2011_017.nasl |
2011-01-14 | Name : Fedora Update for evince FEDORA-2011-0224 File : nvt/gb_fedora_2011_0224_evince_fc13.nasl |
2011-01-14 | Name : Mandriva Update for evince MDVSA-2011:005 (evince) File : nvt/gb_mandriva_MDVSA_2011_005.nasl |
2011-01-11 | Name : Fedora Update for evince FEDORA-2011-0208 File : nvt/gb_fedora_2011_0208_evince_fc14.nasl |
2011-01-11 | Name : Ubuntu Update for evince vulnerabilities USN-1035-1 File : nvt/gb_ubuntu_USN_1035_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70303 | Evince backend/dvi/mdvi-lib/tfmfile.c tfm_load_file() Function Overflow A memory corruption flaw exists in Evince. The 'tfm_load_file()' function in 'backend/dvi/mdvi-lib/tfmfile.c' suffers from an integer overflow error when parsing TFM font files, resulting in memory corruption. With a specially crafted DVI file, a context-dependent attacker can execute arbitrary code. |
70302 | Evince backend/dvi/mdvi-lib/afmparse.c token() Function Overflow Evince is prone to an overflow condition. The 'token()' function in 'backend/dvi/mdvi-lib/afmparse.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted DVI file, a context-dependent attacker can potentially execute arbitrary code. |
70301 | Evince backend/dvi/mdvi-lib/vf.c vf_load_font() Function Array Indexing Memor... A memory corruption flaw exists in Evince. The 'vf_load_font()' function in 'backend/dvi/mdvi-lib/vf.c' fails to sanitize user-supplied input when parsing VF font files, resulting in memory corruption. With a specially crafted DVI file, a context-dependent attacker can execute arbitrary code. |
70300 | Evince backend/dvi/mdvi-lib/pk.c pk_load_font() Function Array Indexing Memor... A memory corruption flaw exists in Evince. The 'pk_load_font()' function in 'backend/dvi/mdvi-lib/pk.c' fails to sanitize user-supplied input when parsing PK font files, resulting in memory corruption. With a specially crafted DVI file, a context-dependent attacker can execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-57.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_evince-110105.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-40.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-48.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120823_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-228-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120215_texlive_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_t1lib_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110106_evince_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0289.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0266.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1335-1.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2388.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-004.nasl - Type : ACT_GATHER_INFO |
2011-12-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2357.nasl - Type : ACT_GATHER_INFO |
2011-11-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-10.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_evince-110105.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2011-03-01 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2011-02-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_xpdf-tools-110126.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-017.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-016.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-005.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evince-110105.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_evince-7309.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0224.nasl - Type : ACT_GATHER_INFO |
2011-01-10 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0208.nasl - Type : ACT_GATHER_INFO |
2011-01-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
2011-01-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1035-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:30:37 |
|