Unrated severityOSV Advisory· Published Apr 22, 2019· Updated Aug 4, 2024
CVE-2019-11459
CVE-2019-11459
Description
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
393.1.2, 3.1.90, 3.1.90.1, …+ 1 more
- (no CPE)range: 3.1.2, 3.1.90, 3.1.90.1, …
- (no CPE)range: through 3.32.0
- osv-coords37 versionspkg:rpm/almalinux/gdk-pixbuf2pkg:rpm/almalinux/gdk-pixbuf2-develpkg:rpm/almalinux/gdk-pixbuf2-modulespkg:rpm/almalinux/gdk-pixbuf2-xlibpkg:rpm/almalinux/gdk-pixbuf2-xlib-develpkg:rpm/almalinux/gnome-desktop3pkg:rpm/almalinux/gnome-desktop3-develpkg:rpm/almalinux/libpurplepkg:rpm/almalinux/libpurple-develpkg:rpm/almalinux/pidginpkg:rpm/almalinux/pidgin-develpkg:rpm/opensuse/evince&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/evince&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/evince&distro=openSUSE%20Tumbleweedpkg:rpm/suse/evince&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/evince&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/evince&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/evince&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/evince&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/evince&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 2.36.12-5.el8+ 36 more
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 3.32.2-1.el8
- (no CPE)range: < 3.32.2-1.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 3.26.0+20180128.1bd86963-lp151.4.3.1
- (no CPE)range: < 3.26.0+20180128.1bd86963-lp151.4.3.1
- (no CPE)range: < 40.4-1.3
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.26.0+20180128.1bd86963-4.7.3
- (no CPE)range: < 3.26.0+20180128.1bd86963-4.7.3
- (no CPE)range: < 2.28.2-0.7.8.1
- (no CPE)range: < 2.28.2-0.7.8.1
- (no CPE)range: < 3.10.3-2.8.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.10.3-2.8.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
- (no CPE)range: < 3.20.2-6.27.1
Patches
Vulnerability mechanics
References
10- lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2019:3553mitrevendor-advisoryx_refsource_REDHAT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/3959-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4624mitrevendor-advisoryx_refsource_DEBIAN
- gitlab.gnome.org/GNOME/evince/issues/1129mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/08/msg00013.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2019/08/msg00014.htmlmitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2020/Feb/18mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.