Home

CVE-2019-1010006

Description

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.531

Associated Vulnerability

VulnerabilityOS Platform
Document viewer (USN-4067-1) evince_3.18.2-1ubuntu4.6_i386.debLinux
Document viewer (USN-4067-1) evince_3.18.2-1ubuntu4.6_amd64.debLinux
Document viewer (USN-4067-1) evince-common_3.18.2-1ubuntu4.6_all.debLinux
evince security update(DSA-4624-1) evince_3.22.1-3+deb9u2_i386.debLinux
evince security update(DSA-4624-1) evince_3.22.1-3+deb9u2_amd64.debLinux
evince security update(DSA-4624-1) evince_3.30.2-3+deb10u1_i386.debLinux
evince security update(DSA-4624-1) evince_3.30.2-3+deb10u1_amd64.debLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-browser-plugin-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-browser-plugin-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-debugsource-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-lang-3.20.2-6.27.1.noarch.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-djvudocument-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-djvudocument-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-dvidocument-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-dvidocument-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-pdfdocument-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-pdfdocument-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-psdocument-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-psdocument-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-tiffdocument-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-tiffdocument-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-xpsdocument-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) evince-plugin-xpsdocument-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) libevdocument3-4-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) libevdocument3-4-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) libevview3-3-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) libevview3-3-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) nautilus-evince-3.20.2-6.27.1.x86_64.rpmLinux
SUSE-SU-2019:2080-1(SUSE Linux Enterprise Server 12-SP5) nautilus-evince-debuginfo-3.20.2-6.27.1.x86_64.rpmLinux
Official Document Viewer of the MATE Desktop Environment (USN-7274-1) atril_1.24.0-1ubuntu0.2_amd64.debLinux
Official Document Viewer of the MATE Desktop Environment (USN-7274-1) atril_1.26.0-1ubuntu1.2_amd64.debLinux
Official Document Viewer of the MATE Desktop Environment (USN-7274-1) atril-common_1.24.0-1ubuntu0.2_all.debLinux
Official Document Viewer of the MATE Desktop Environment (USN-7274-1) atril-common_1.26.0-1ubuntu1.2_all.debLinux
Official Document Viewer of the MATE Desktop Environment (USN-7274-1) libatrildocument3_1.24.0-1ubuntu0.2_amd64.debLinux
Official Document Viewer of the MATE Desktop Environment (USN-7274-1) libatrildocument3_1.26.0-1ubuntu1.2_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234