Информационная безопасность
[RU] switch to English


Переполнения буфера в evince
Опубликовано:7 января 2011 г.
Источник:
SecurityVulns ID:11339
Тип:локальная
Уровень опасности:
4/10
Описание:Переполнение буфера при разборе шрифтов в файлах DVI.
CVE:CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
 CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
 CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
 CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.)
Оригинальный текстdocumentUBUNTU, [USN-1035-1] Evince vulnerabilities (07.01.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород