DSA-4624-1 evince -- evince
ID: oval:org.secpod.oval:def:69951 | Date: (C)2021-03-03 (M)2024-02-08 | Class: PATCH | Family: unix
Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

CVE-2017-1000159: Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames.

CVE-2019-11459: Andy Nguyen reported that the tiff_document_render and tiff_document_get_thumbnail functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented, leading to disclosure of uninitialized memory when processing TIFF image files.

CVE-2019-1010006: A buffer overflow vulnerability in the tiff backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened.