Executive Summary
Summary | |
---|---|
Title | Evince vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-1035-1 | First vendor Publication | 2011-01-05 |
Vendor | Ubuntu | Last vendor Modification | 2011-01-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
Ubuntu 9.10:
Ubuntu 10.04 LTS:
Ubuntu 10.10:

In general, a standard system update will make all the necessary changes.

Details follow:

Jon Larimer discovered that Evince's font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user's privileges. In the default installation of Ubuntu 9.10 and later, attackers would be isolated by the Evince AppArmor profile.
Original Source
Url : http://www.ubuntu.com/usn/USN-1035-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-20 | Improper Input Validation |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15071 | |||
Oval ID: | oval:org.mitre.oval:def:15071 | ||
Title: | DSA-2357-1 evince -- several | ||
Description: | Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the evince document viewer: CVE-2010-2640 Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2641 Insufficient array bounds checks in the PK fonts parser could lead to function pointer overwrite, causing arbitrary code execution. CVE-2010-2642 Insufficient bounds checks in the AFM fonts parser when writing data to a memory buffer allocated on heap could lead to arbitrary memory overwrite and arbitrary code execution. CVE-2010-2643 Insufficient check on an integer used as a size for memory allocation can lead to arbitrary write outside the allocated range and cause arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2357-1 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | evince |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21458 | |||
Oval ID: | oval:org.mitre.oval:def:21458 | ||
Title: | RHSA-2011:0009: evince security update (Moderate) | ||
Description: | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0009-01 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | evince |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23578 | |||
Oval ID: | oval:org.mitre.oval:def:23578 | ||
Title: | ELSA-2011:0009: evince security update (Moderate) | ||
Description: | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0009-01 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | evince |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27964 | |||
Oval ID: | oval:org.mitre.oval:def:27964 | ||
Title: | DEPRECATED: ELSA-2011-0009 -- evince security update (moderate) | ||
Description: | [2.28.2-14.el6_0.1] - Fixes CVE-2010-2640, CVE-2010-2641, CVE-2010-2642 and CVE-2010-2643 - Resolves: #666323 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0009 CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | evince |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2012-228-01 t1lib File : nvt/esoft_slk_ssa_2012_228_01.nasl |
2012-08-24 | Name : CentOS Update for tetex CESA-2012:1201 centos5 File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl |
2012-08-24 | Name : RedHat Update for tetex RHSA-2012:1201-01 File : nvt/gb_RHSA-2012_1201-01_tetex.nasl |
2012-07-30 | Name : CentOS Update for t1lib CESA-2012:0062 centos6 File : nvt/gb_CESA-2012_0062_t1lib_centos6.nasl |
2012-07-30 | Name : CentOS Update for kpathsea CESA-2012:0137 centos6 File : nvt/gb_CESA-2012_0137_kpathsea_centos6.nasl |
2012-07-09 | Name : RedHat Update for t1lib RHSA-2012:0062-01 File : nvt/gb_RHSA-2012_0062-01_t1lib.nasl |
2012-07-09 | Name : RedHat Update for texlive RHSA-2012:0137-01 File : nvt/gb_RHSA-2012_0137-01_texlive.nasl |
2012-06-05 | Name : RedHat Update for evince RHSA-2011:0009-01 File : nvt/gb_RHSA-2011_0009-01_evince.nasl |
2012-03-19 | Name : Fedora Update for t1lib FEDORA-2012-0289 File : nvt/gb_fedora_2012_0289_t1lib_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-10 (evince) File : nvt/glsa_201111_10.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2388-1 (t1lib) File : nvt/deb_2388_1.nasl |
2012-02-01 | Name : Fedora Update for t1lib FEDORA-2012-0266 File : nvt/gb_fedora_2012_0266_t1lib_fc15.nasl |
2012-01-20 | Name : Ubuntu Update for t1lib USN-1335-1 File : nvt/gb_ubuntu_USN_1335_1.nasl |
2012-01-13 | Name : Mandriva Update for t1lib MDVSA-2012:004 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_004.nasl |
2011-01-24 | Name : Mandriva Update for t1lib MDVSA-2011:016 (t1lib) File : nvt/gb_mandriva_MDVSA_2011_016.nasl |
2011-01-24 | Name : Mandriva Update for tetex MDVSA-2011:017 (tetex) File : nvt/gb_mandriva_MDVSA_2011_017.nasl |
2011-01-14 | Name : Fedora Update for evince FEDORA-2011-0224 File : nvt/gb_fedora_2011_0224_evince_fc13.nasl |
2011-01-14 | Name : Mandriva Update for evince MDVSA-2011:005 (evince) File : nvt/gb_mandriva_MDVSA_2011_005.nasl |
2011-01-11 | Name : Fedora Update for evince FEDORA-2011-0208 File : nvt/gb_fedora_2011_0208_evince_fc14.nasl |
2011-01-11 | Name : Ubuntu Update for evince vulnerabilities USN-1035-1 File : nvt/gb_ubuntu_USN_1035_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70303 | Evince backend/dvi/mdvi-lib/tfmfile.c tfm_load_file() Function Overflow A memory corruption flaw exists in Evince. The 'tfm_load_file()' function in 'backend/dvi/mdvi-lib/tfmfile.c' suffers from an integer overflow error when parsing TFM font files, resulting in memory corruption. With a specially crafted DVI file, a context-dependent attacker can execute arbitrary code. |
70302 | Evince backend/dvi/mdvi-lib/afmparse.c token() Function Overflow Evince is prone to an overflow condition. The 'token()' function in 'backend/dvi/mdvi-lib/afmparse.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted DVI file, a context-dependent attacker can potentially execute arbitrary code. |
70301 | Evince backend/dvi/mdvi-lib/vf.c vf_load_font() Function Array Indexing Memor... A memory corruption flaw exists in Evince. The 'vf_load_font()' function in 'backend/dvi/mdvi-lib/vf.c' fails to sanitize user-supplied input when parsing VF font files, resulting in memory corruption. With a specially crafted DVI file, a context-dependent attacker can execute arbitrary code. |
70300 | Evince backend/dvi/mdvi-lib/pk.c pk_load_font() Function Array Indexing Memor... A memory corruption flaw exists in Evince. The 'pk_load_font()' function in 'backend/dvi/mdvi-lib/pk.c' fails to sanitize user-supplied input when parsing PK font files, resulting in memory corruption. With a specially crafted DVI file, a context-dependent attacker can execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-57.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_evince-110105.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-40.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-48.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120823_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-228-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120215_texlive_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_t1lib_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110106_evince_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0289.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0266.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1335-1.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2388.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-004.nasl - Type : ACT_GATHER_INFO |
2011-12-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2357.nasl - Type : ACT_GATHER_INFO |
2011-11-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-10.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_evince-110105.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2011-03-01 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2011-02-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_xpdf-tools-110126.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-017.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-016.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-005.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evince-110105.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_evince-7309.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0224.nasl - Type : ACT_GATHER_INFO |
2011-01-10 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0208.nasl - Type : ACT_GATHER_INFO |
2011-01-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
2011-01-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1035-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:58:08 |
|