First published: Sun Jul 14 2019
Evince 3.26.0 is affected by a buffer overflow. The impact is: DoS / possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: the victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME evince | =3.26.0 | |
ubuntu/evince | <3.18.2-1ubuntu4.6 | 3.18.2-1ubuntu4.6 |
Canonical Ubuntu Linux | =16.04 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
debian/atril | 1.20.3-1+deb10u1 1.24.0-1 1.26.0-2+deb12u2 1.26.2-1 1.26.2-3 | |
debian/evince | 3.30.2-3+deb10u1 3.38.2-1 43.1-2 45.0-1 46.0-1 | |
The vulnerability ID for Evince 3.26.0 is CVE-2019-1010006.
The impact of CVE-2019-1010006 is denial of service (DoS) and possible code execution.
The component of Evince affected by CVE-2019-1010006 is backend/tiff/tiff-document.c.
The attack vector for CVE-2019-1010006 is that the victim must open a crafted PDF file.
To fix the buffer overflow vulnerability in Evince 3.26.0, update the software to version 3.18.2-1ubuntu4.6 or higher (the fixed ubuntu/evince package version listed in the table above).