DSA-4624-1 evince -- evince
ID: oval:org.secpod.oval:def:604749 | Date: (C)2020-02-26 (M)2024-02-08 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
CVE-2017-1000159: Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames.
CVE-2019-11459: Andy Nguyen reported that the tiff_document_render and tiff_document_get_thumbnail functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented, leading to disclosure of uninitialized memory when processing TIFF image files.
CVE-2019-1010006: A buffer overflow vulnerability in the tiff backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened.
Platform: |
Debian 10.x |
Debian 9.x |
Product: |
evince |
gir1.2-evince-3.0 |
libevdocument3-4 |
libevview3-3 |
libevince-dev |
browser-plugin-evince |