Lucene search

[email protected]NVD:CVE-2010-2642

HistoryJan 07, 2011 - 7:00 p.m.

CVE-2010-2642

2011-01-0719:00:17

CWE-119

[email protected]

web.nvd.nist.gov

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.086 Low

EPSS

Percentile

94.5%

JSON

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Affected configurations

NVD

Node

redhatevinceRange≤2.32

redhatevinceMatch0.1

redhatevinceMatch0.2

redhatevinceMatch0.3

redhatevinceMatch0.4

redhatevinceMatch0.5

redhatevinceMatch0.6

redhatevinceMatch0.7

redhatevinceMatch0.8

redhatevinceMatch0.9

redhatevinceMatch2.19

redhatevinceMatch2.20

redhatevinceMatch2.21

redhatevinceMatch2.22

redhatevinceMatch2.23

redhatevinceMatch2.24

redhatevinceMatch2.25

redhatevinceMatch2.26

redhatevinceMatch2.27

redhatevinceMatch2.28

redhatevinceMatch2.29

redhatevinceMatch2.29.92

redhatevinceMatch2.30

redhatevinceMatch2.30.2

redhatevinceMatch2.30.3

redhatevinceMatch2.31

redhatevinceMatch2.31.1

redhatevinceMatch2.31.2

redhatevinceMatch2.31.4

redhatevinceMatch2.31.4.1

redhatevinceMatch2.31.6

redhatevinceMatch2.31.6.1

redhatevinceMatch2.31.90

redhatevinceMatch2.31.92

t1libt1libMatch5.1.2

tugtetexMatch3.0

References

git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2

lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html

lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html

lists.mandriva.com/security-announce/2011-01/msg00006.php

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

rhn.redhat.com/errata/RHSA-2012-1201.html

secunia.com/advisories/42769

secunia.com/advisories/42821

secunia.com/advisories/42847

secunia.com/advisories/42872

www.debian.org/security/2011/dsa-2357

www.mandriva.com/security/advisories?name=MDVSA-2011:016

www.mandriva.com/security/advisories?name=MDVSA-2011:017

www.mandriva.com/security/advisories?name=MDVSA-2012:144

www.redhat.com/support/errata/RHSA-2011-0009.html

www.securityfocus.com/bid/45678

www.securitytracker.com/id?1024937

www.ubuntu.com/usn/USN-1035-1

www.vupen.com/english/advisories/2011/0029

www.vupen.com/english/advisories/2011/0043

www.vupen.com/english/advisories/2011/0056

www.vupen.com/english/advisories/2011/0097

www.vupen.com/english/advisories/2011/0102

www.vupen.com/english/advisories/2011/0193

www.vupen.com/english/advisories/2011/0194

bugzilla.redhat.com/show_bug.cgi?id=666318

security.gentoo.org/glsa/201701-57

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.086 Low

EPSS

Percentile

94.5%

JSON

Related for NVD:CVE-2010-2642

openvas47 veracode1 cve3 nessus41 cvelist3 ubuntucve3 prion3 debiancve3 cbl_mariner1 nvd2 ubuntu2 oraclelinux4 securityvulns2 gentoo2 fedora4 redhat4 osv2 debian2 slackware1 centos3 amazon2