Severity score: 7.8
CWE: 190, 787, 119

CVE-2019-1010006: Integer Overflow

First published: Sun Jul 14 2019

Evince 3.26.0 is affected by a buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
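The advisory does not show the faulty check, so the following is an added illustration and not Evince's code: a C sketch of sizing a 4-byte-per-pixel raster from untrusted image dimensions, with the unchecked arithmetic beside a form that validates before multiplying. The function names, the RGBA assumption, the 32-bit `int` and the sample dimensions are all assumptions made for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4   /* assumed RGBA output raster */

/* What unchecked 32-bit arithmetic yields. Unsigned math is used so the
 * wrap is well defined here; with signed int the same overflow is
 * undefined behaviour and a check placed after it may be optimised out. */
static uint32_t unchecked_size_u32(uint32_t width, uint32_t height)
{
    uint32_t rowstride = width * BYTES_PER_PIXEL;   /* may wrap */
    return rowstride * height;                      /* may wrap again */
}

/* Hardened form: reject bad dimensions BEFORE multiplying, so no
 * intermediate value can overflow. Returns 0 and sets *bytes on success,
 * -1 if the dimensions are non-positive or the size does not fit in int. */
static int checked_raster_size(int width, int height, int *bytes)
{
    if (width <= 0 || height <= 0)
        return -1;
    if (width > INT_MAX / BYTES_PER_PIXEL)
        return -1;
    int rowstride = width * BYTES_PER_PIXEL;        /* cannot overflow now */
    if (height > INT_MAX / rowstride)
        return -1;
    *bytes = rowstride * height;                    /* cannot overflow now */
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from any real file. */
    const int dims[][2] = { {640, 480}, {0x40000000, 1}, {65536, 16384}, {-1, 10} };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        int w = dims[i][0], h = dims[i][1], bytes = 0;
        int rc = checked_raster_size(w, h, &bytes);
        printf("%dx%d unchecked=%u checked=%s (%d)\n", w, h,
               (unsigned)unchecked_size_u32((uint32_t)w, (uint32_t)h),
               rc == 0 ? "ok" : "rejected", bytes);
    }
    return 0;
}
```

A wrapped size of 0 is the dangerous case: the allocation succeeds with a tiny buffer while the decoder still writes width × height pixels into it.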

Credit: josh@bress.net

| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME evince | =3.26.0 | |
| ubuntu/evince | <3.18.2-1ubuntu4.6 | 3.18.2-1ubuntu4.6 |
| Canonical Ubuntu Linux | =16.04 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| debian/atril | | 1.20.3-1+deb10u1, 1.24.0-1, 1.26.0-2+deb12u2, 1.26.2-1, 1.26.2-3 |
| debian/evince | | 3.30.2-3+deb10u1, 3.38.2-1, 43.1-2, 45.0-1, 46.0-1 |


Frequently Asked Questions

  • What is the vulnerability ID for Evince 3.26.0?

    The vulnerability ID for Evince 3.26.0 is CVE-2019-1010006.

  • What is the impact of CVE-2019-1010006?

    The impact of CVE-2019-1010006 is Denial of Service (DOS) and possible code execution.

  • Which component of Evince is affected by CVE-2019-1010006?

    The component of Evince affected by CVE-2019-1010006 is backend/tiff/tiff-document.c.

  • What is the attack vector for CVE-2019-1010006?

    The attack vector for CVE-2019-1010006 is that the victim must open a crafted PDF file.

  • How can the buffer overflow vulnerability in Evince 3.26.0 be fixed?

    To fix the buffer overflow vulnerability in Evince 3.26.0, update the software to version 3.18.2-1ubuntu4.6 or higher.
