
Debian 9 and 10: DSA-4624-1 Critical Evince Command Injection, Memory Disclosure and DoS

Distribution: Debian
Date: February 14, 2020
Debian has released updated evince packages for stretch and buster that fix the vulnerabilities described in this advisory; upgrade to close them.
Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

Summary

CVE-2017-1000159

Tobias Mueller reported that the DVI exporter in evince is
susceptible to a command injection vulnerability via specially
crafted filenames.

CVE-2019-11459

Andy Nguyen reported that the tiff_document_render() and
tiff_document_get_thumbnail() functions in the TIFF document backend
did not handle errors from TIFFReadRGBAImageOriented(), leading to
disclosure of uninitialized memory when processing TIFF image files.

CVE-2019-1010006

A buffer overflow vulnerability in the tiff backend could lead to
denial of service, or potentially the execution of arbitrary code if
a specially crafted PDF file is opened.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.22.1-3+deb9u2.

For the stable distribution (buster), these problems have been fixed in
version 3.30.2-3+deb10u1. The stable distribution is only affected by
CVE-2019-11459.

We recommend that you upgrade your evince packages.
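A practitioner checking a fleet against this advisory needs to compare installed evince versions with the fixed versions named above, and Debian version strings (`3.30.2-3+deb10u1`, `~rc` suffixes, epochs) do not sort lexically. The following is an added example, not code from the Debian advisory or the evince project: it re-implements the dpkg version-comparison algorithm (the same ordering `dpkg --compare-versions` applies on a real host) so it runs anywhere, and audits a constructed `dpkg-query -W` sample against the DSA-4624-1 fixed versions. The binary-package list (`evince`, `evince-common`) and the sample output are assumptions for illustration; the advisory's tracker link is the authority on which binaries the source package builds.

```python
"""Check installed evince versions against the fixed versions in DSA-4624-1.

Added example (not part of the Debian advisory). Re-implements dpkg's
version ordering so the check runs without python-apt or dpkg present.
"""

# Fixed versions named in DSA-4624-1, keyed by Debian codename.
FIXED_VERSIONS = {
    "stretch": "3.22.1-3+deb9u2",
    "buster": "3.30.2-3+deb10u1",
}


def _order(c):
    """Collation weight of one character, as in dpkg's order(): digits 0,
    letters by code point, '~' before everything (even end of string),
    any other character after all letters."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """dpkg's verrevcmp(): compare alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: character by character, by collation weight.
        while (i < len(a) and not a[i].isdigit()) or (
            j < len(b) and not b[j].isdigit()
        ):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: numeric comparison, leading zeros ignored.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split_version(v):
    """Split 'epoch:upstream-revision': epoch before the first ':',
    revision after the last '-'; both optional."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def debian_version_compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _split_version(v1)
    e2, u2, r2 = _split_version(v2)
    if e1 != e2:
        return 1 if e1 > e2 else -1
    for x, y in ((u1, u2), (r1, r2)):
        c = _verrevcmp(x, y)
        if c:
            return 1 if c > 0 else -1
    return 0


def parse_dpkg_query(output):
    r"""Parse 'package version' lines as printed by
    dpkg-query -W -f='${Package} ${Version}\n'."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if line:
            name, _, version = line.partition(" ")
            packages[name] = version.strip()
    return packages


def evince_needs_upgrade(codename, installed_version):
    """True when the installed version is older than the fix for this suite."""
    return debian_version_compare(installed_version, FIXED_VERSIONS[codename]) < 0


def audit_evince(dpkg_output, codename, names=("evince", "evince-common")):
    """Map each listed evince binary that is installed to whether it still
    needs the DSA-4624-1 update. The binary list is an assumption here."""
    installed = parse_dpkg_query(dpkg_output)
    return {n: evince_needs_upgrade(codename, installed[n])
            for n in names if n in installed}


# Constructed sample (not a real capture): a buster host before the update.
SAMPLE_DPKG_OUTPUT = """\
evince 3.30.2-3
evince-common 3.30.2-3
"""

if __name__ == "__main__":
    # On a real host, feed in dpkg-query -W -f='${Package} ${Version}\n'
    # output and VERSION_CODENAME from /etc/os-release instead of the sample.
    for pkg, needs in audit_evince(SAMPLE_DPKG_OUTPUT, "buster").items():
        print(f"{pkg}: {'UPGRADE NEEDED' if needs else 'fixed'}")
```

The comparison treats `3.30.2-3` as older than `3.30.2-3+deb10u1` (a `+` suffix sorts after end of string) and `3.30.2~rc1-1` as older than `3.30.2-1` (a `~` sorts before end of string), which is exactly why a plain string or float comparison must not be used for this check.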

For the detailed security status of ev...


Severity: critical

Package: evince
CVE ID: CVE-2017-1000159 CVE-2019-11459 CVE-2019-1010006
