Multiple vulnerabilities has been found and corrected in evince:

Array index error in the PK and VF font parser in the dvi-backend
component in Evince 2.32 and earlier allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font in conjunction with a DVI file that
is processed by the thumbnailer (CVE-2010-2640, CVE-2010-2641).

Heap-based buffer overflow in the AFM font parser in the dvi-backend
component in Evince 2.32 and earlier allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font in conjunction with a DVI file that
is processed by the thumbnailer (CVE-2010-2642).

Integer overflow in the TFM font parser in the dvi-backend component in
Evince 2.32 and earlier allows remote attackers to execute arbitrary
code via a crafted font in conjunction with a DVI file that is
processed by the thumbnailer (CVE-2010-2643).

The updated packages have been patched to correct these issues.