Vulnerability-Lookup

CVE-2010-2643 (GCVE-0-2010-2643)

Vulnerability from cvelistv5 – Published: 2011-01-07 18:00 – Updated: 2024-08-07 02:39

Summary

Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/43068	third-party-advisoryx_refsource_SECUNIA
	http://lists.mandriva.com/security-announce/2011-…	vendor-advisoryx_refsource_MANDRIVA
	https://bugzilla.redhat.com/show_bug.cgi?id=666321	x_refsource_CONFIRM
	http://secunia.com/advisories/42872	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0212	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0043	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0029	vdb-entryx_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/42769	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0097	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2011/dsa-2357	vendor-advisoryx_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-1035-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.vupen.com/english/advisories/2011/0102	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/42821	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0056	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2011-00…	vendor-advisoryx_refsource_REDHAT
	http://git.gnome.org/browse/evince/commit/?id=d41…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1024937	vdb-entryx_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/45678	vdb-entryx_refsource_BID
	http://secunia.com/advisories/42847	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "MDVSA-2011:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
          },
          {
            "name": "42872",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42872"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "ADV-2011-0043",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0043"
          },
          {
            "name": "ADV-2011-0029",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0029"
          },
          {
            "name": "FEDORA-2011-0224",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
          },
          {
            "name": "42769",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42769"
          },
          {
            "name": "ADV-2011-0097",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0097"
          },
          {
            "name": "DSA-2357",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2357"
          },
          {
            "name": "USN-1035-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1035-1"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "ADV-2011-0102",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0102"
          },
          {
            "name": "42821",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42821"
          },
          {
            "name": "ADV-2011-0056",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0056"
          },
          {
            "name": "RHSA-2011:0009",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
          },
          {
            "name": "1024937",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024937"
          },
          {
            "name": "FEDORA-2011-0208",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
          },
          {
            "name": "45678",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45678"
          },
          {
            "name": "42847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42847"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-01-12T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "MDVSA-2011:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
        },
        {
          "name": "42872",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42872"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "name": "ADV-2011-0043",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0043"
        },
        {
          "name": "ADV-2011-0029",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0029"
        },
        {
          "name": "FEDORA-2011-0224",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
        },
        {
          "name": "42769",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42769"
        },
        {
          "name": "ADV-2011-0097",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0097"
        },
        {
          "name": "DSA-2357",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2357"
        },
        {
          "name": "USN-1035-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1035-1"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "ADV-2011-0102",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0102"
        },
        {
          "name": "42821",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42821"
        },
        {
          "name": "ADV-2011-0056",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0056"
        },
        {
          "name": "RHSA-2011:0009",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
        },
        {
          "name": "1024937",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024937"
        },
        {
          "name": "FEDORA-2011-0208",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
        },
        {
          "name": "45678",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45678"
        },
        {
          "name": "42847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42847"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2643",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "MDVSA-2011:005",
              "refsource": "MANDRIVA",
              "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=666321",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
            },
            {
              "name": "42872",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42872"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "ADV-2011-0043",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0043"
            },
            {
              "name": "ADV-2011-0029",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0029"
            },
            {
              "name": "FEDORA-2011-0224",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
            },
            {
              "name": "42769",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42769"
            },
            {
              "name": "ADV-2011-0097",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0097"
            },
            {
              "name": "DSA-2357",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2357"
            },
            {
              "name": "USN-1035-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1035-1"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "ADV-2011-0102",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0102"
            },
            {
              "name": "42821",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42821"
            },
            {
              "name": "ADV-2011-0056",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0056"
            },
            {
              "name": "RHSA-2011:0009",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
            },
            {
              "name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
            },
            {
              "name": "1024937",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024937"
            },
            {
              "name": "FEDORA-2011-0208",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
            },
            {
              "name": "45678",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45678"
            },
            {
              "name": "42847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42847"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2643",
    "datePublished": "2011-01-07T18:00:00.000Z",
    "dateReserved": "2010-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T02:39:37.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2010-2643

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2643

Aliases

CVE-2010-2643

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2643",
    "description": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.",
    "id": "GSD-2010-2643",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-2643.html",
      "https://access.redhat.com/errata/RHSA-2011:0009",
      "https://linux.oracle.com/cve/CVE-2010-2643.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2643"
      ],
      "details": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.",
      "id": "GSD-2010-2643",
      "modified": "2023-12-13T01:21:31.085085Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2643",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "MDVSA-2011:005",
            "refsource": "MANDRIVA",
            "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=666321",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
          },
          {
            "name": "42872",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42872"
          },
          {
            "name": "ADV-2011-0212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "ADV-2011-0043",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0043"
          },
          {
            "name": "ADV-2011-0029",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0029"
          },
          {
            "name": "FEDORA-2011-0224",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
          },
          {
            "name": "42769",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42769"
          },
          {
            "name": "ADV-2011-0097",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0097"
          },
          {
            "name": "DSA-2357",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2357"
          },
          {
            "name": "USN-1035-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1035-1"
          },
          {
            "name": "SUSE-SR:2011:002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "ADV-2011-0102",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0102"
          },
          {
            "name": "42821",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42821"
          },
          {
            "name": "ADV-2011-0056",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0056"
          },
          {
            "name": "RHSA-2011:0009",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
          },
          {
            "name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
            "refsource": "CONFIRM",
            "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
          },
          {
            "name": "1024937",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024937"
          },
          {
            "name": "FEDORA-2011-0208",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
          },
          {
            "name": "45678",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/45678"
          },
          {
            "name": "42847",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42847"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.29.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.30.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.31.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.30.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:2.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:evince:0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2643"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
            },
            {
              "name": "42769",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42769"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=666321",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
            },
            {
              "name": "42821",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42821"
            },
            {
              "name": "45678",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/45678"
            },
            {
              "name": "FEDORA-2011-0208",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
            },
            {
              "name": "42847",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/42847"
            },
            {
              "name": "1024937",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024937"
            },
            {
              "name": "USN-1035-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1035-1"
            },
            {
              "name": "RHSA-2011:0009",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
            },
            {
              "name": "ADV-2011-0043",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0043"
            },
            {
              "name": "ADV-2011-0029",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0029"
            },
            {
              "name": "ADV-2011-0056",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0056"
            },
            {
              "name": "42872",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42872"
            },
            {
              "name": "FEDORA-2011-0224",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
            },
            {
              "name": "MDVSA-2011:005",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
            },
            {
              "name": "ADV-2011-0097",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0097"
            },
            {
              "name": "ADV-2011-0102",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0102"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "DSA-2357",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2357"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-01-19T03:49Z",
      "publishedDate": "2011-01-07T19:00Z"
    }
  }
}

FKIE_CVE-2010-2643

Vulnerability from fkie_nvd - Published: 2011-01-07 19:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2	Patch
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
cve@mitre.org	http://lists.mandriva.com/security-announce/2011-01/msg00006.php
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
cve@mitre.org	http://secunia.com/advisories/42769	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/42821	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/42847	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/42872
cve@mitre.org	http://secunia.com/advisories/43068
cve@mitre.org	http://www.debian.org/security/2011/dsa-2357
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2011-0009.html
cve@mitre.org	http://www.securityfocus.com/bid/45678
cve@mitre.org	http://www.securitytracker.com/id?1024937
cve@mitre.org	http://www.ubuntu.com/usn/USN-1035-1
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0029	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0043	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0056
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0097
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0102
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0212
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=666321	Patch
af854a3a-2127-422b-91ae-364da2661108	http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.mandriva.com/security-announce/2011-01/msg00006.php
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42769	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42821	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42847	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42872
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2357
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-0009.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/45678
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024937
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1035-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0029	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0043	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0056
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0097
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0102
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=666321	Patch

Impacted products

Vendor	Product	Version
redhat	evince	0.1
redhat	evince	0.2
redhat	evince	0.3
redhat	evince	0.4
redhat	evince	0.5
redhat	evince	0.6
redhat	evince	0.7
redhat	evince	0.8
redhat	evince	0.9
redhat	evince	2.19
redhat	evince	2.20
redhat	evince	2.21
redhat	evince	2.22
redhat	evince	2.23
redhat	evince	2.24
redhat	evince	2.25
redhat	evince	2.26
redhat	evince	2.27
redhat	evince	2.28
redhat	evince	2.29
redhat	evince	2.29.92
redhat	evince	2.30
redhat	evince	2.30.2
redhat	evince	2.30.3
redhat	evince	2.31
redhat	evince	2.31.1
redhat	evince	2.31.2
redhat	evince	2.31.4
redhat	evince	2.31.4.1
redhat	evince	2.31.6
redhat	evince	2.31.6.1
redhat	evince	2.31.90
redhat	evince	2.31.92
redhat	evince	2.32

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C4D8E2-B5D1-4229-8C4E-A5D3D45CE232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B61463-DAAD-42B9-A9E4-7D5C0FC94A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "682240C5-7830-45AC-A8E8-F012519E3BB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9299EE95-FB9F-40A3-ACBA-9F8675D04314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9D303A-590D-4D6E-A76E-ED05F5CA3A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F244EC-8257-4B41-8CE1-0BE3F81C6F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "774E0BE3-5F1F-4C39-9ED2-35E1A0FDE845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2EC73E-7AAF-4524-ABA7-5236F1FBD2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B271944-EAC3-4E79-95BB-58FA1E7EB26B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "47E24A04-E690-4F80-B0F6-7166B01B732A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "47173787-5BD5-4131-A8CD-0D00D1187C41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6508CBF-FC04-441D-9D86-955E6FAA0296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD94C302-7E99-4F0D-B6CA-9D59120DE5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "750B45E1-7D9D-45BE-8B0B-A5B7045DE309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E840F13-F8BC-4A99-9404-94E2292F02BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EEFEFB1-A14F-4100-A4AD-0B28E6A2B84D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CACCB74-DE05-4619-8E69-38686FFE9BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E72F3DA-2BA2-4D5E-96E4-8DDDBF7200DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCCF82E-BFC7-4459-98C2-54754636664B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA2BC54-6E75-493D-953D-DC41ADBCFAE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.29.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "1660E63C-4CD1-4B43-9A40-0B731FC5C1C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E3ED013-4381-4996-96D8-C560EB24C173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "219D9DEE-0720-4871-8DDC-C24F5F6FB056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6456E479-7A12-4904-8054-354AC4FC32AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED7BFBC3-4F4F-4E36-BE99-4E6C4CEE2B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F1AA5A-33FE-4C61-8311-3FE44CE9C04B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0232A03E-43BC-4AC3-8175-BD3BAAB842A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA8CD39-5229-44AF-AC3D-2713E753D782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8DC7981-BA67-463C-AA67-96F8EE9C6DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D23AD37-4BBA-4B5B-961F-89AFD892E4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8783726-03D8-4DBE-8F2A-DC01B29C18F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE5419CF-CC0A-451C-A9CE-4CA811EFDCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.31.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE1D8FE-395E-4009-B91C-4CC966952837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:evince:2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B376398-C50A-4F44-BAE1-14BA4942E368",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en el analizador sint\u00e1ctico de fuentes TFM en el componente dvi-backend en Evince v2.32 y anteriores permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de una fuente manipulada junto con un fichero DVI que es procesado por el gestor de im\u00e1gines miniatura. ."
    }
  ],
  "id": "CVE-2010-2643",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-01-07T19:00:17.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42769"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42821"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42847"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42872"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2357"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45678"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024937"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1035-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0029"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0043"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0056"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0097"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1035-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-005

Vulnerability from certfr_avis - Published: 2001-01-11 - Updated: 2011-01-07

Plusieurs vulnérabilités ont été corrigées dans evince, un lecteur de documents pouvant lire différents format de fichiers (PDF, DVI, PostScript) pour l'environnement de bureau GNOME. L'exploitation réussie de celles-ci peut permettre l'exécution de code arbitraire à distance.

Description

Quatres vulnérabilités dans le moteur de rendu de fichiers DVI ont été corrigées. En forçant un utilisateur à afficher un fichier DVI spécialement conçu, un attaquant peut terminer l'exécution d'evince ou exécuter du code arbitraire avec les droits de cet utilisateur.

Solution

Se référer aux bulletins de sécurité des différentes distributions utilisant ce logiciel pour l'obtention des correctifs (cf. section Documentation).

evince versions 2.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

GHSA-PGXJ-RQ3F-M3H9

Vulnerability from github – Published: 2022-05-17 05:35 – Updated: 2022-05-17 05:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2643"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-01-07T19:00:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.",
  "id": "GHSA-pgxj-rq3f-m3h9",
  "modified": "2022-05-17T05:35:28Z",
  "published": "2022-05-17T05:35:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2643"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=666321"
    },
    {
      "type": "WEB",
      "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.mandriva.com/security-announce/2011-01/msg00006.php"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42769"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42821"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42847"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42872"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2357"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/45678"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024937"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1035-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0029"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0043"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0056"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0097"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0102"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2643 (GCVE-0-2010-2643)

GSD-2010-2643

FKIE_CVE-2010-2643

CERTA-2011-AVI-005

Description

Solution

GHSA-PGXJ-RQ3F-M3H9

Tags

Sightings

Nomenclature