Synopsis: Moderate: evince security update Issue date: 2011-01-06 CVE Names: CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 An array index error was found in the DeVice Independent (DVI) renderer's PK and VF font file parsers. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2640, CVE-2010-2641) A heap-based buffer overflow flaw was found in the DVI renderer's AFM font file parser. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2642) An integer overflow flaw was found in the DVI renderer's TFM font file parser. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user running Evince. (CVE-2010-2643) Note: The above issues are not exploitable unless an attacker can trick the user into installing a malicious font file. SL 6.x SRPMS: evince-2.28.2-14.el6_0.1.src.rpm i386: evince-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm evince-dvi-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm x86_64: evince-2.28.2-14.el6_0.1.x86_64.rpm evince-devel-2.28.2-14.el6_0.1.i686.rpm evince-devel-2.28.2-14.el6_0.1.x86_64.rpm evince-dvi-2.28.2-14.el6_0.1.x86_64.rpm evince-libs-2.28.2-14.el6_0.1.i686.rpm evince-libs-2.28.2-14.el6_0.1.x86_64.rpm -Connie Sieh -Troy Dawson