CVE-2010-2640
evince - several
EPSS 8.2%
Description
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
How to fix CVE-2010-2640
To remediate CVE-2010-2640, upgrade the affected package to a fixed version below.
- Debian/evince—upgrade to 2.30.3-2 or later
- Debian/evince—upgrade to 2.22.2-4~lenny2 or later
Is CVE-2010-2640 being exploited?
Moderate — EPSS is 8.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.30.3-2
- from 0, < 2.22.2-4~lenny2