Summary
Detail | |||
---|---|---|---|
Vendor | Redhat | First view | 2011-01-07 |
Product | Evince | Last view | 2011-01-07 |
Version | 2.26 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:redhat:evince |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.6 | 2011-01-07 | CVE-2010-2643 | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. |
7.6 | 2011-01-07 | CVE-2010-2642 | Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. |
7.6 | 2011-01-07 | CVE-2010-2641 | Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. |
7.6 | 2011-01-07 | CVE-2010-2640 | Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (2) | CWE-20 | Improper Input Validation |
25% (1) | CWE-189 | Numeric Errors |
25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
70303 | Evince backend/dvi/mdvi-lib/tfmfile.c tfm_load_file() Function Overflow |
70302 | Evince backend/dvi/mdvi-lib/afmparse.c token() Function Overflow |
70301 | Evince backend/dvi/mdvi-lib/vf.c vf_load_font() Function Array Indexing Memor... |
70300 | Evince backend/dvi/mdvi-lib/pk.c pk_load_font() Function Array Indexing Memor... |
OpenVAS Exploits
id | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2012-228-01 t1lib File : nvt/esoft_slk_ssa_2012_228_01.nasl |
2012-08-24 | Name : CentOS Update for tetex CESA-2012:1201 centos5 File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl |
2012-08-24 | Name : RedHat Update for tetex RHSA-2012:1201-01 File : nvt/gb_RHSA-2012_1201-01_tetex.nasl |
2012-07-30 | Name : CentOS Update for t1lib CESA-2012:0062 centos6 File : nvt/gb_CESA-2012_0062_t1lib_centos6.nasl |
2012-07-30 | Name : CentOS Update for kpathsea CESA-2012:0137 centos6 File : nvt/gb_CESA-2012_0137_kpathsea_centos6.nasl |
2012-07-09 | Name : RedHat Update for t1lib RHSA-2012:0062-01 File : nvt/gb_RHSA-2012_0062-01_t1lib.nasl |
2012-07-09 | Name : RedHat Update for texlive RHSA-2012:0137-01 File : nvt/gb_RHSA-2012_0137-01_texlive.nasl |
2012-06-05 | Name : RedHat Update for evince RHSA-2011:0009-01 File : nvt/gb_RHSA-2011_0009-01_evince.nasl |
2012-03-19 | Name : Fedora Update for t1lib FEDORA-2012-0289 File : nvt/gb_fedora_2012_0289_t1lib_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-10 (evince) File : nvt/glsa_201111_10.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2388-1 (t1lib) File : nvt/deb_2388_1.nasl |
2012-02-01 | Name : Fedora Update for t1lib FEDORA-2012-0266 File : nvt/gb_fedora_2012_0266_t1lib_fc15.nasl |
2012-01-20 | Name : Ubuntu Update for t1lib USN-1335-1 File : nvt/gb_ubuntu_USN_1335_1.nasl |
2012-01-13 | Name : Mandriva Update for t1lib MDVSA-2012:004 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_004.nasl |
2011-01-24 | Name : Mandriva Update for t1lib MDVSA-2011:016 (t1lib) File : nvt/gb_mandriva_MDVSA_2011_016.nasl |
2011-01-24 | Name : Mandriva Update for tetex MDVSA-2011:017 (tetex) File : nvt/gb_mandriva_MDVSA_2011_017.nasl |
2011-01-14 | Name : Fedora Update for evince FEDORA-2011-0224 File : nvt/gb_fedora_2011_0224_evince_fc13.nasl |
2011-01-14 | Name : Mandriva Update for evince MDVSA-2011:005 (evince) File : nvt/gb_mandriva_MDVSA_2011_005.nasl |
2011-01-11 | Name : Fedora Update for evince FEDORA-2011-0208 File : nvt/gb_fedora_2011_0208_evince_fc14.nasl |
2011-01-11 | Name : Ubuntu Update for evince vulnerabilities USN-1035-1 File : nvt/gb_ubuntu_USN_1035_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-01-24 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-57.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_t1lib-110111.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_evince-110105.nasl - Type: ACT_GATHER_INFO |
2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-40.nasl - Type: ACT_GATHER_INFO |
2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-48.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-1201.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-0137.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-0062.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2011-0009.nasl - Type: ACT_GATHER_INFO |
2012-08-24 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2012-1201.nasl - Type: ACT_GATHER_INFO |
2012-08-24 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120823_tetex_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1201.nasl - Type: ACT_GATHER_INFO |
2012-08-16 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2012-228-01.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120215_texlive_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120124_t1lib_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20110106_evince_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-02-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2012-0137.nasl - Type: ACT_GATHER_INFO |
2012-02-16 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-0137.nasl - Type: ACT_GATHER_INFO |
2012-01-31 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2012-0062.nasl - Type: ACT_GATHER_INFO |
2012-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2012-0289.nasl - Type: ACT_GATHER_INFO |
2012-01-30 | Name: The remote Fedora host is missing a security update. File: fedora_2012-0266.nasl - Type: ACT_GATHER_INFO |
2012-01-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-0062.nasl - Type: ACT_GATHER_INFO |
2012-01-20 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1335-1.nasl - Type: ACT_GATHER_INFO |
2012-01-16 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2388.nasl - Type: ACT_GATHER_INFO |
2012-01-13 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2012-004.nasl - Type: ACT_GATHER_INFO |