CVE-2010-2640

Name of the Vulnerable Software and Affected Versions Evince versions 2.32 and earlier

Description The issue is related to an array index error in the PK font parser of the dvi-backend component. This error can be exploited by remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code. The exploitation involves a crafted font used in conjunction with a DVI file that is processed by the thumbnailer.

Recommendations For Evince versions 2.32 and earlier, consider disabling the thumbnailer feature until a patch is available to prevent potential exploitation. Additionally, restrict access to the dvi-backend component to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.