CVE-2019-11459

Published: 22 April 2019

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
atril Launchpad, Ubuntu, Debian	bionic	Needs triage
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Needs triage
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Needs triage
	jammy	Needs triage
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)
evince Launchpad, Ubuntu, Debian	bionic	Released (3.28.4-0ubuntu1.1)
	cosmic	Released (3.30.1-1ubuntu1.3)
	disco	Released (3.32.0-1ubuntu0.1)
	eoan	Released (3.32.0-1ubuntu1)
	focal	Released (3.32.0-1ubuntu1)
	groovy	Released (3.32.0-1ubuntu1)
	hirsute	Released (3.32.0-1ubuntu1)
	impish	Released (3.32.0-1ubuntu1)
	jammy	Released (3.32.0-1ubuntu1)
	precise	Does not exist
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	xenial	Released (3.18.2-1ubuntu4.4)
	Patches: upstream: https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2019-11459

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading