Heap-based buffer overflow in the AFM font parser in the dvi-backend
component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly
other products allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted font
in conjunction with a DVI file that is processed by the thumbnailer.
jdstrand> 5.1.2-3.4 in Debian clams to have fixed this, but the patch wasn't
Updated: 2016-03-23 03:37:08 UTC (commit 10817)