CVE-2010-2641

Priority
Medium
Description
Array index error in the VF font parser in the dvi-backend component in
Evince 2.32 and earlier allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted font in conjunction with a DVI file that is processed by the
thumbnailer.
References
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):released (2.22.2-0ubuntu2.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.30.3-0ubuntu1.2)
Ubuntu 11.04 (Natty Narwhal):released (2.32.0-0ubuntu4)
Patches:
Upstream:http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:11 UTC (commit 5347)