Lucene search
Gentoo FoundationGLSA-201111-10HistoryNov 20, 2011 - 12:00 a.m.
Evince: Multiple vulnerabilities
2011-11-2000:00:00
Gentoo Foundation
security.gentoo.org
8
0.112 Low
EPSS
Percentile
95.2%
Background
Evince is a document viewer for multiple document formats, including PostScript.
Description
Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to load a DVI file with a specially crafted font, resulting in the execution of arbitrary code with the privileges of the user running the application or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Evince users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/evince-2.32.0-r2"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since April 26, 2011. It is likely that your system is already no longer affected by this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-text/evince | < 2.32.0-r2 | UNKNOWN |
Related
securityvulns
securityvulns
[USN-1035-1] Evince vulnerabilities
2011-01-07 00:00:00
evince buffer overflows
2011-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: evince-2.30.3-2.fc13
2011-01-12 05:23:01
[SECURITY] Fedora 14 Update: evince-2.32.0-3.fc14
2011-01-08 21:26:09
[SECURITY] Fedora 16 Update: t1lib-5.1.2-9.fc16
2012-01-28 03:23:39
nessus
nessus
Fedora 13 : evince-2.30.3-2.fc13 (2011-0224)
2011-01-12 00:00:00
Scientific Linux Security Update : evince on SL6.x i386/x86_64
2012-08-01 00:00:00
Debian DSA-2357-1 : evince - several vulnerabilities
2011-12-05 00:00:00
openvas
openvas
Mandriva Update for evince MDVSA-2011:005 (evince)
2011-01-14 00:00:00
Fedora Update for evince FEDORA-2011-0208
2011-01-11 00:00:00
Mandriva Update for evince MDVSA-2011:005 (evince)
2011-01-14 00:00:00
oraclelinux
oraclelinux
evince security update
2011-02-10 00:00:00
texlive security update
2012-02-15 00:00:00
t1lib security update
2012-01-24 00:00:00
redhat
redhat
(RHSA-2011:0009) Moderate: evince security update
2011-01-06 00:00:00
(RHSA-2012:0062) Moderate: t1lib security update
2012-01-24 00:00:00
(RHSA-2012:0137) Moderate: texlive security update
2012-02-15 00:00:00
osv
osv
evince - several
2011-12-03 00:00:00
t1lib - several
2012-01-14 00:00:00
ubuntu
ubuntu
Evince vulnerabilities
2011-01-05 00:00:00
t1lib vulnerabilities
2012-01-19 00:00:00
debian
debian
[SECURITY] [DSA 2357-1] evince security update
2011-12-04 10:54:47
[SECURITY] [DSA 2388-1] t1lib security update
2012-01-15 10:26:10
prion
prion
Integer overflow
2011-01-07 19:00:00
Heap overflow
2011-01-07 19:00:00
Design/Logic Flaw
2011-01-07 19:00:00
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:07:01
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
cbl_mariner
cbl_mariner
CVE-2010-2642 affecting package t1lib 5.1.2-28
2024-06-02 09:07:47
slackware
slackware
[slackware-security] t1lib
2012-08-16 06:32:38
amazon
amazon
Medium: texlive
2012-03-04 16:08:00
Medium: t1lib
2012-02-02 14:26:00
centos
centos
t1lib security update
2012-01-30 20:25:25
kpathsea, mendexk, texlive security update
2012-02-16 13:36:55
tetex security update
2012-08-23 23:12:26
gentoo
gentoo
T1Lib: : Multiple vulnerabilities
2017-01-23 00:00:00