CVE-2010-2642

t1lib: Heap based buffer overflow in DVI file AFM font parser

Severity Score

7.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Desbordamiento de búfer basado en memoria dinámica en el validador de fuentes AFM (AFM font parser) en el componente dvi-backend de Evince v2.32 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o puede que ejecutar código de su elección a través de una fuente manipulada junto con un fichero DVI que es procesado por el thumbnailer.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-07-06 CVE Reserved
2011-01-06 CVE Published
2023-08-28 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow

CAPEC

References (28)

URL	Tag	Source
http://secunia.com/advisories/42872	Third Party Advisory
http://www.securityfocus.com/bid/45678	Vdb Entry
http://www.securitytracker.com/id?1024937	Vdb Entry
http://www.vupen.com/english/advisories/2011/0056	Vdb Entry
http://www.vupen.com/english/advisories/2011/0097	Vdb Entry
http://www.vupen.com/english/advisories/2011/0102	Vdb Entry
http://www.vupen.com/english/advisories/2011/0193	Vdb Entry
http://www.vupen.com/english/advisories/2011/0194	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2	2017-07-01
https://bugzilla.redhat.com/show_bug.cgi?id=666318	2012-08-23

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html	2017-07-01
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html	2017-07-01
http://lists.mandriva.com/security-announce/2011-01/msg00006.php	2017-07-01
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html	2017-07-01
http://rhn.redhat.com/errata/RHSA-2012-1201.html	2017-07-01
http://secunia.com/advisories/42769	2017-07-01
http://secunia.com/advisories/42821	2017-07-01
http://secunia.com/advisories/42847	2017-07-01
http://www.debian.org/security/2011/dsa-2357	2017-07-01
http://www.mandriva.com/security/advisories?name=MDVSA-2011:016	2017-07-01
http://www.mandriva.com/security/advisories?name=MDVSA-2011:017	2017-07-01
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144	2017-07-01
http://www.redhat.com/support/errata/RHSA-2011-0009.html	2017-07-01
http://www.ubuntu.com/usn/USN-1035-1	2017-07-01
http://www.vupen.com/english/advisories/2011/0029	2017-07-01
http://www.vupen.com/english/advisories/2011/0043	2017-07-01
https://security.gentoo.org/glsa/201701-57	2017-07-01
https://access.redhat.com/security/cve/CVE-2010-2642	2012-08-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				<= 2.32 Search vendor "Redhat" for product "Evince" and version " <= 2.32"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.1 Search vendor "Redhat" for product "Evince" and version "0.1"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.2 Search vendor "Redhat" for product "Evince" and version "0.2"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.3 Search vendor "Redhat" for product "Evince" and version "0.3"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.4 Search vendor "Redhat" for product "Evince" and version "0.4"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.5 Search vendor "Redhat" for product "Evince" and version "0.5"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.6 Search vendor "Redhat" for product "Evince" and version "0.6"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.7 Search vendor "Redhat" for product "Evince" and version "0.7"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.8 Search vendor "Redhat" for product "Evince" and version "0.8"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				0.9 Search vendor "Redhat" for product "Evince" and version "0.9"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.19 Search vendor "Redhat" for product "Evince" and version "2.19"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.20 Search vendor "Redhat" for product "Evince" and version "2.20"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.21 Search vendor "Redhat" for product "Evince" and version "2.21"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.22 Search vendor "Redhat" for product "Evince" and version "2.22"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.23 Search vendor "Redhat" for product "Evince" and version "2.23"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.24 Search vendor "Redhat" for product "Evince" and version "2.24"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.25 Search vendor "Redhat" for product "Evince" and version "2.25"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.26 Search vendor "Redhat" for product "Evince" and version "2.26"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.27 Search vendor "Redhat" for product "Evince" and version "2.27"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.28 Search vendor "Redhat" for product "Evince" and version "2.28"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.29 Search vendor "Redhat" for product "Evince" and version "2.29"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.29.92 Search vendor "Redhat" for product "Evince" and version "2.29.92"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.30 Search vendor "Redhat" for product "Evince" and version "2.30"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.30.2 Search vendor "Redhat" for product "Evince" and version "2.30.2"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.30.3 Search vendor "Redhat" for product "Evince" and version "2.30.3"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31 Search vendor "Redhat" for product "Evince" and version "2.31"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.1 Search vendor "Redhat" for product "Evince" and version "2.31.1"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.2 Search vendor "Redhat" for product "Evince" and version "2.31.2"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.4 Search vendor "Redhat" for product "Evince" and version "2.31.4"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.4.1 Search vendor "Redhat" for product "Evince" and version "2.31.4.1"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.6 Search vendor "Redhat" for product "Evince" and version "2.31.6"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.6.1 Search vendor "Redhat" for product "Evince" and version "2.31.6.1"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.90 Search vendor "Redhat" for product "Evince" and version "2.31.90"		-		Affected
Redhat Search vendor "Redhat"		Evince Search vendor "Redhat" for product "Evince"				2.31.92 Search vendor "Redhat" for product "Evince" and version "2.31.92"		-		Affected
T1lib Search vendor "T1lib"		T1lib Search vendor "T1lib" for product "T1lib"				5.1.2 Search vendor "T1lib" for product "T1lib" and version "5.1.2"		-		Affected
Tug Search vendor "Tug"		Tetex Search vendor "Tug" for product "Tetex"				3.0 Search vendor "Tug" for product "Tetex" and version "3.0"		-		Affected