CVE-2010-2642
Title: Redhat Evince RCE
Memory Corruption
Proof Of Concept
No public PoC currently indexed for CVE-2010-2642.
CWE Category
CWE-119
Published Date
Jan 07, 2011
Modified Date
Jun 16, 2026
Exploit Status
Not Found
Score
7.6
CVSS v2.0
Exploit Probability (EPSS)
14.27%
Vulnerability Summary
CVE-2010-2642: Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
Impacted Vendors
Reference Links
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
http://lists.mandriva.com/security-announce/2011-01/msg00006.php
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/42769
http://secunia.com/advisories/42821
http://secunia.com/advisories/42847
http://secunia.com/advisories/42872
http://www.debian.org/security/2011/dsa-2357
http://www.mandriva.com/security/advisories?name=MDVSA-2011:016
http://www.mandriva.com/security/advisories?name=MDVSA-2011:017
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.redhat.com/support/errata/RHSA-2011-0009.html
http://www.securityfocus.com/bid/45678
http://www.securitytracker.com/id?1024937
http://www.ubuntu.com/usn/USN-1035-1
http://www.vupen.com/english/advisories/2011/0029
http://www.vupen.com/english/advisories/2011/0043
http://www.vupen.com/english/advisories/2011/0056
http://www.vupen.com/english/advisories/2011/0097
http://www.vupen.com/english/advisories/2011/0102
http://www.vupen.com/english/advisories/2011/0193
http://www.vupen.com/english/advisories/2011/0194
https://bugzilla.redhat.com/show_bug.cgi?id=666318
https://security.gentoo.org/glsa/201701-57
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
http://lists.mandriva.com/security-announce/2011-01/msg00006.php
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/42769
http://secunia.com/advisories/42821
http://secunia.com/advisories/42847
http://secunia.com/advisories/42872
http://www.debian.org/security/2011/dsa-2357
http://www.mandriva.com/security/advisories?name=MDVSA-2011:016
http://www.mandriva.com/security/advisories?name=MDVSA-2011:017
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.redhat.com/support/errata/RHSA-2011-0009.html
http://www.securityfocus.com/bid/45678
http://www.securitytracker.com/id?1024937
http://www.ubuntu.com/usn/USN-1035-1
http://www.vupen.com/english/advisories/2011/0029
http://www.vupen.com/english/advisories/2011/0043
http://www.vupen.com/english/advisories/2011/0056
http://www.vupen.com/english/advisories/2011/0097
http://www.vupen.com/english/advisories/2011/0102
http://www.vupen.com/english/advisories/2011/0193
http://www.vupen.com/english/advisories/2011/0194
https://bugzilla.redhat.com/show_bug.cgi?id=666318
https://security.gentoo.org/glsa/201701-57
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
7.6
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:H/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2010-2642 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:H/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.