CVE-2019-1010006

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
dwfCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
gnomeevince
3.26.0
canonicalubuntu_linux
16.04
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
atril
bullseye (security)
1.24.0-1+deb11u1
fixed
bullseye
1.24.0-1+deb11u1
fixed
bookworm
1.26.0-2+deb12u3
fixed
bookworm (security)
1.26.0-2+deb12u3
fixed
sid
1.26.2-3
fixed
evince
bullseye
3.38.2-1
fixed
bookworm
43.1-2
fixed
sid
46.3.1-1
fixed
trixie
46.3.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
atril
noble
needed
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needed
impish
ignored
hirsute
ignored
groovy
ignored
focal
needed
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needed
xenial
needed
trusty
dne
evince
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
xenial
Fixed 3.18.2-1ubuntu4.6
released
trusty
dne
Common Weakness Enumeration
References
http://bugzilla.maptools.org/show_bug.cgi?id=2745
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html
https://bugzilla.gnome.org/show_bug.cgi?id=788980
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
https://seclists.org/bugtraq/2020/Feb/18
https://usn.ubuntu.com/4067-1/
https://www.debian.org/security/2020/dsa-4624
http://bugzilla.maptools.org/show_bug.cgi?id=2745
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html
https://bugzilla.gnome.org/show_bug.cgi?id=788980
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
https://seclists.org/bugtraq/2020/Feb/18
https://usn.ubuntu.com/4067-1/
https://www.debian.org/security/2020/dsa-4624