Metric | Value |
---|---|
CVSS2 | 7.6 High |
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
EPSS | 0.086 Low |
EPSS Percentile | 94.5% |

Heap-based buffer overflow in the AFM font parser in the dvi-backend
component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly
other products allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted font
in conjunction with a DVI file that is processed by the thumbnailer.
Author | Note |
---|---|
jdstrand | 5.1.2-3.4 in Debian claims to have fixed this, but the patch wasn’t applied |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | evince | < 2.22.2-0ubuntu2.1 | UNKNOWN |
ubuntu | 9.10 | noarch | evince | < 2.28.1-0ubuntu1.3 | UNKNOWN |
ubuntu | 10.04 | noarch | evince | < 2.30.3-0ubuntu1.2 | UNKNOWN |
ubuntu | 10.10 | noarch | evince | < 2.32.0-0ubuntu1.1 | UNKNOWN |
ubuntu | 11.04 | noarch | evince | < 2.32.0-0ubuntu4 | UNKNOWN |
ubuntu | 10.04 | noarch | t1lib | < 5.1.2-3ubuntu0.10.04.2 | UNKNOWN |
ubuntu | 10.10 | noarch | t1lib | < 5.1.2-3ubuntu0.10.10.2 | UNKNOWN |
ubuntu | 11.04 | noarch | t1lib | < 5.1.2-3ubuntu0.11.04.2 | UNKNOWN |
ubuntu | 11.10 | noarch | t1lib | < 5.1.2-3ubuntu0.11.10.2 | UNKNOWN |