Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-4624-1 evince -- security update

Related Vulnerabilities: CVE-2017-1000159   CVE-2019-11459   CVE-2019-1010006  

Several vulnerabilities were discovered in evince, a simple multi-page document viewer. CVE-2017-1000159 Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames. CVE-2019-11459 Andy Nguyen reported that the tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to disclosure of uninitialized memory when processing TIFF image files. CVE-2019-1010006 A buffer overflow vulnerability in the tiff backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened. For the oldstable distribution (stretch), these problems have been fixed in version 3.22.1-3+deb9u2. For the stable distribution (buster), these problems have been fixed in version 3.30.2-3+deb10u1. The stable distribution is only affected by CVE-2019-11459. We recommend that you upgrade your evince packages. For the detailed security status of evince please refer to its security tracker page at: https://security-tracker.debian.org/tracker/evince

Source

Debian Security Advisory

DSA-4624-1 evince -- security update

Date Reported:
14 Feb 2020
Affected Packages:
evince
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 927820.
In Mitre's CVE dictionary: CVE-2017-1000159, CVE-2019-11459, CVE-2019-1010006.
More information:

Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

  • CVE-2017-1000159

    Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames.

  • CVE-2019-11459

    Andy Nguyen reported that the tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to disclosure of uninitialized memory when processing TIFF image files.

  • CVE-2019-1010006

    A buffer overflow vulnerability in the tiff backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened.

For the oldstable distribution (stretch), these problems have been fixed in version 3.22.1-3+deb9u2.

For the stable distribution (buster), these problems have been fixed in version 3.30.2-3+deb10u1. The stable distribution is only affected by CVE-2019-11459.

We recommend that you upgrade your evince packages.

For the detailed security status of evince please refer to its security tracker page at: https://security-tracker.debian.org/tracker/evince

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started