UbuntuUSN-1347-1Evince vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
91.8%
Releases
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04
Packages
- evince - Document viewer
Details
It was discovered that Evince did not properly parse AFM font files when
processing DVI files. If a user were tricked into opening a specially
crafted DVI file, an attacker could cause Evince to crash or potentially
execute arbitrary code with the privileges of the user invoking the
program.
In the default installation, attackers would be isolated by the Evince
AppArmor profile.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.04 | noarch | libevdocument3 | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | evince | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | evince-dbg | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | evince-gtk | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | gir1.2-evince-2.32 | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libevdocument-dev | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libevview-dev | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libevview3 | < 2.32.0-0ubuntu12.4 | UNKNOWN |
| Ubuntu | 10.10 | noarch | libevdocument3 | < 2.32.0-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | evince | < 2.32.0-0ubuntu1.2 | UNKNOWN |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
91.8%