Your submission was sent successfully! Close

CVE-2019-11459

Published: 22 April 2019

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
atril
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
evince
Launchpad, Ubuntu, Debian
bionic
Released (3.28.4-0ubuntu1.1)
cosmic
Released (3.30.1-1ubuntu1.3)
disco
Released (3.32.0-1ubuntu0.1)
eoan
Released (3.32.0-1ubuntu1)
focal
Released (3.32.0-1ubuntu1)
groovy
Released (3.32.0-1ubuntu1)
hirsute
Released (3.32.0-1ubuntu1)
impish
Released (3.32.0-1ubuntu1)
jammy
Released (3.32.0-1ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream Needs triage

xenial
Released (3.18.2-1ubuntu4.4)
Patches:
upstream: https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7