PT-2019-4925 · Gnome+4 · Evince+4

Sebastian Feldmann

Publicado

2018-03-18

Atualizado

2025-02-18

CVE-2019-1010006

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Evince version 3.26.0

Description The issue is caused by a buffer overflow in the backend/tiff/tiff-document.c component of the Evince document viewer. This can be exploited by a remote attacker using a specially crafted PDF file, potentially allowing for denial of service or execution of arbitrary code. The attack vector involves the victim opening the crafted PDF file, and the issue arises from an incorrect integer overflow protection mechanism in the tiff document render and tiff document get thumbnail functions.

Recommendations For Evince version 3.26.0, as a temporary workaround, consider disabling the rendering of TIFF documents until a patch is available. Restrict access to the backend/tiff/tiff-document.c component to minimize the risk of exploitation. Avoid opening suspicious or untrusted PDF files with Evince until the issue is resolved.

Exploit

Correção

DoS

Integer Overflow

Memory Corruption

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-733CWE-190CWE-787CWE-119

Identificadores relacionados

ALT-PU-2018-1448

BDU:2020-01530

CVE-2019-1010006

DLA-1881-1

DLA-1882-1

DSA-4624-1

OPENSUSE-SU-2019:1908-1

OPENSUSE-SU-2019_1908-1

OPENSUSE-SU-2024:10742-1

SUSE-SU-2019:14141-1

SUSE-SU-2019:2052-1

SUSE-SU-2019:2080-1

SUSE-SU-2019:2080-2

SUSE-SU-2019:2098-1

SUSE-SU-2019_14141-1

SUSE-SU-2019_2052-1

SUSE-SU-2019_2080-1

SUSE-SU-2019_2098-1

USN-4067-1

USN-7274-1

Produtos afetados

Alt Linux

Evince

Linuxmint

Suse

Ubuntu

PT-2019-4925 · Gnome+4 · Evince+4

CVE-2019-1010006

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 75