Synopsis: Moderate: evince security update
Issue Date: 2011-01-06
CVE Numbers: CVE-2010-2640
CVE-2010-2641
CVE-2010-2642
CVE-2010-2643
—
Evince is a document viewer.
An array index error was found in the DeVice Independent (DVI) renderer’s
PK and VF font file parsers. A DVI file that references a specially-crafted
font file could, when opened, cause Evince to crash or, potentially,
execute arbitrary code with the privileges of the user running Evince.
(CVE-2010-2640, CVE-2010-2641)
A heap-based buffer overflow flaw was found in the DVI renderer’s AFM font
file parser. A DVI file that references a specially-crafted font file
could, when opened, cause Evince to crash or, potentially, execute
arbitrary code with the privileges of the user running Evince.
(CVE-2010-2642)
An integer overflow flaw was found in the DVI renderer’s TFM font file
parser. A DVI file that references a specially-crafted font file could,
when opened, cause Evince to crash or, potentially, execute arbitrary code
with the privileges of the user running Evince. (CVE-2010-2643)
Note: The above issues are not exploitable unless an attacker can trick the
user into installing a malicious font file.
Red Hat would like to thank the Evince development team for reporting these
issues. Upstream acknowledges Jon Larimer of IBM X-Force as the original
reporter of these issues.
Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues.
—
SL6
x86_64
evince-2.28.2-14.el6_0.1.x86_64.rpm
evince-devel-2.28.2-14.el6_0.1.i686.rpm
evince-devel-2.28.2-14.el6_0.1.x86_64.rpm
evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm
evince-libs-2.28.2-14.el6_0.1.i686.rpm
evince-libs-2.28.2-14.el6_0.1.x86_64.rpm
i386
evince-2.28.2-14.el6_0.1.i686.rpm
evince-devel-2.28.2-14.el6_0.1.i686.rpm
evince-dvi-2.28.2-14.el6_0.1.i686.rpm
evince-libs-2.28.2-14.el6_0.1.i686.rpm
– Scientific Linux Development Team
