Evice Security Fixes for Debian

The problems were pointed out by Jon Larimer from IBM X-Force Advanced Research

By on December 5th, 2011 07:20 GMT

The Debian project announced that a security update has been released for Evince, a document viewer for multiple document formats such as pdf, postscript, and many others.

The developers have pointed out that Jon Larimer from IBM X-Force Advanced Research discovered multiple vulnerabilities in the DVI backend of the Evince document viewer.

The first one is security problem about insufficient array bounds checks in the PK fonts parser, which could lead to function pointer overwrite, and thus facilitate arbitrary code execution.

A second fix was needed because insufficient bounds checks in the AFM fonts parser, when writing data to a memory buffer allocated on heap, it could lead to arbitrary memory overwrite and arbitrary code execution.

Finally, the third and final patch fixed an insuficient check on an integer used as a size for memory allocation that could lead to an arbitrary write outside the allocated range and cause arbitrary code execution.

These fixes have been implemented in Evince 2.22.2-4~lenny2, Evince 2.30.3-2+squeeze1, Evince 3.0.2 Wheezy, and Evince 3.0.2 Sid.

Download Debian Live 6.0.3 right now from Softpedia.

Comments