Vigil@nce - Evince: four vulnerabilities of DVI
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious DVI file
with Evince, in order to execute code on the victim's computer.
Severity: 2/4
Creation date: 10/01/2011
IMPACTED PRODUCTS
– Fedora
– Mandriva Enterprise Server
– Mandriva Linux
– Red Hat Enterprise Linux
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Evince program displays documents in PDF, PostScript or DVI
formats. The DVI backend is impacted by four vulnerabilities.
A DVI file with a malicious VF font triggers an array index
overflow in the vf_load_font() function. [severity:2/4; 666313,
CVE-2010-2640]
A DVI file with a malicious AFM font triggers a buffer overflow in
the token() function of the afmparse.c file. [severity:2/4;
666314, CVE-2010-2641]
A DVI file with a malicious PK font triggers an array index
overflow in the pk_load_font() function. [severity:2/4; 666318,
CVE-2010-2642]
A DVI file with a malicious TFM font triggers an integer overflow
in the tfm_load_file() function. [severity:2/4; 666321,
CVE-2010-2643]
An attacker can therefore invite the victim to open a malicious
DVI file with Evince, in order to execute code on the victim's
computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Evince-four-vulnerabilities-of-DVI-10258