First published: Thu Jan 06 2011

Evince is a document viewer.

An array index error was found in the DeVice Independent (DVI) renderer's PK and VF font file parsers. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2640, CVE-2010-2641)

A heap-based buffer overflow flaw was found in the DVI renderer's AFM font file parser. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2642)

An integer overflow flaw was found in the DVI renderer's TFM font file parser. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2643)

Note: The above issues are not exploitable unless an attacker can trick the user into installing a malicious font file.

Red Hat would like to thank the Evince development team for reporting these issues. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of these issues.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/evince | <2.28.2-14.el6_0.1 | 2.28.2-14.el6_0.1 |
redhat/evince-debuginfo | <2.28.2-14.el6_0.1 | 2.28.2-14.el6_0.1 |
redhat/evince-devel | <2.28.2-14.el6_0.1 | 2.28.2-14.el6_0.1 |
redhat/evince-dvi | <2.28.2-14.el6_0.1 | 2.28.2-14.el6_0.1 |
redhat/evince-libs | <2.28.2-14.el6_0.1 | 2.28.2-14.el6_0.1 |
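The check a practitioner wants after reading the table above is whether an installed evince build is older than the fixed build, which must follow RPM's version-ordering rules rather than plain string comparison (a release such as `14.el6` sorts below `14.el6_0.1`). The following is an added example, not part of the advisory: it reimplements RPM's rpmvercmp algorithm in Python (the `^` post-release marker of newer RPM is not handled, an assumed simplification), and every installed-version string in it is constructed.

```python
import re

# Segments of an RPM version string: numeric runs, alphabetic runs and the '~'
# pre-release marker; separators such as '.', '_' and '-' are ignored.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")

def rpmvercmp(a: str, b: str) -> int:
    """rpmvercmp()-style compare: -1 if a < b, 0 if equal, 1 if a > b ('^' not handled)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":          # '~' sorts before anything, even end of string
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x is None:                     # a ran out of segments first: a is older
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() or y.isdigit():  # a numeric segment is newer than an alphabetic one
            c = 1 if x.isdigit() else -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    return 0

def parse_evr(evr: str):
    """Split '[epoch:]version-release' into (epoch, version, release); epoch defaults to '0'."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return epoch, version, release

def evrcmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0

# Fixed build from the advisory table (identical for every evince subpackage).
FIXED_EVR = "2.28.2-14.el6_0.1"
def needs_update(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed build (as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}' evince`) is older than the fix."""
    return evrcmp(installed_evr, fixed_evr) < 0
```

Feed it the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' evince` from each host; a constructed unpatched value such as `2.28.2-14.el6` returns True, the fixed build itself returns False.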