CVE-2010-2642
t1lib - several
EPSS 19.4%
Description
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
How to fix CVE-2010-2642
To remediate CVE-2010-2642, upgrade the affected package to a fixed version below.
- Debian/evince—upgrade to 3.0.2-1 or later
- Debian/t1lib—upgrade to 5.1.2-3+squeeze1 or later
Is CVE-2010-2642 being exploited?
Moderate — EPSS is 19.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 3.0.2-1
- from 0, < 5.1.2-3+squeeze1