Unrated severity · NVD Advisory · Published Jul 15, 2019 · Updated Aug 5, 2024
CVE-2019-1010006
Description
Evince 3.26.0 is affected by a buffer overflow. The impact is DoS / possible code execution. The component is backend/tiff/tiff-document.c. The attack vector: the victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
Affected products
- osv-coords (26 versions):
  - pkg:rpm/opensuse/evince&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/evince&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/evince&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/evince&distro=HPE%20Helion%20OpenStack%208
  - pkg:rpm/suse/evince&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/evince&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4
  - pkg:rpm/suse/evince&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/evince&distro=SUSE%20OpenStack%20Cloud%208
  - pkg:rpm/suse/evince&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
- (no CPE) range: < 3.26.0+20180128.1bd86963-lp151.4.6.1
- (no CPE) range: < 3.26.0+20180128.1bd86963-lp151.4.6.1
- (no CPE) range: < 40.4-1.3
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.26.0+20180128.1bd86963-4.10.1
- (no CPE) range: < 3.26.0+20180128.1bd86963-4.10.1
- (no CPE) range: < 2.28.2-0.7.8.1
- (no CPE) range: < 2.28.2-0.7.8.1
- (no CPE) range: < 3.10.3-2.8.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.10.3-2.8.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- (no CPE) range: < 3.20.2-6.27.1
- Evince Team/Evince · v5 · Range: 3.26.0
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4067-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4624 (mitre, vendor-advisory, x_refsource_DEBIAN)
- bugzilla.maptools.org/show_bug.cgi (mitre, x_refsource_MISC)
- bugzilla.gnome.org/show_bug.cgi (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/08/msg00013.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2019/08/msg00014.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2020/Feb/18 (mitre, mailing-list, x_refsource_BUGTRAQ)