CVE-2010-2643

Name of the Vulnerable Software and Affected Versions Evince versions 2.32 and earlier

Description The issue is related to an integer overflow in the TFM font parser. This allows remote attackers to execute arbitrary code through a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

Recommendations For Evince versions 2.32 and earlier, consider disabling the thumbnailer or restricting the processing of DVI files until a patch is available. As a temporary workaround, avoid using the dvi-backend component with untrusted font sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.