ALT-PU-2018-1448-1
Closed vulnerabilities
Published: 2019-07-14
BDU:2020-01530
Уязвимость компонента backend/tiff/tiff-document.c программного средства просмотра документов Evince, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2019-07-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-1010006
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://bugzilla.maptools.org/show_bug.cgi?id=2745
- http://bugzilla.maptools.org/show_bug.cgi?id=2745
- openSUSE-SU-2019:1908
- openSUSE-SU-2019:1908
- https://bugzilla.gnome.org/show_bug.cgi?id=788980
- https://bugzilla.gnome.org/show_bug.cgi?id=788980
- [debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update
- [debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update
- [debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update
- [debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update
- 20200216 [SECURITY] [DSA 4624-1] evince security update
- 20200216 [SECURITY] [DSA 4624-1] evince security update
- USN-4067-1
- USN-4067-1
- DSA-4624
- DSA-4624