PublicDateAtUSN: 2011-01-05
Candidate: CVE-2010-2640
PublicDate: 2011-01-07 19:00:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2640
 https://ubuntu.com/security/notices/USN-1035-1
Description:
 Array index error in the PK font parser in the dvi-backend component in
 Evince 2.32 and earlier allows remote attackers to cause a denial of
 service (application crash) or possibly execute arbitrary code via a
 crafted font in conjunction with a DVI file that is processed by the
 thumbnailer.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_evince:
 upstream: http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
Tags_evince_karmic: apparmor
Tags_evince_lucid: apparmor
Tags_evince_maverick: apparmor
upstream_evince: needed
dapper_evince: ignored (reached end-of-life)
hardy_evince: released (2.22.2-0ubuntu2.1)
karmic_evince: released (2.28.1-0ubuntu1.3)
lucid_evince: released (2.30.3-0ubuntu1.2)
maverick_evince: released (2.32.0-0ubuntu1.1)
devel_evince: released (2.32.0-0ubuntu4)