Mandriva Linux Security Advisory : evince (MDVSA-2011:005)

High Nessus Plugin ID 51797

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in evince :

Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer (CVE-2010-2640, CVE-2010-2641).

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer (CVE-2010-2642).

Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer (CVE-2010-2643).

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 51797

File Name: mandriva_MDVSA-2011-005.nasl

Version: 1.9

Type: local

Published: 2011/01/28

Updated: 2018/07/19

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:evince, p-cpe:/a:mandriva:linux:lib64evince-devel, p-cpe:/a:mandriva:linux:lib64evince1, p-cpe:/a:mandriva:linux:lib64evince2, p-cpe:/a:mandriva:linux:libevince-devel, p-cpe:/a:mandriva:linux:libevince1, p-cpe:/a:mandriva:linux:libevince2, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/01/13

Reference Information

CVE: CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643

BID: 45678

MDVSA: 2011:005