Heap-based buffer overflow in the AFM font parser in the dvi-backend
component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly
other products allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted font
in conjunction with a DVI file that is processed by the thumbnailer.
jdstrand> 5.1.2-3.4 in Debian clams to have fixed this, but the patch wasn't
Updated: 2015-10-17 03:35:36 UTC (commit 10086)