PT-2019-5048 · Gnome+8 · Gnome Evince+8
Andy Nguyen · Published 2019-04-13 · Updated 2025-02-18 · CVE-2019-11459
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GNOME Evince versions prior to 3.32.0
Description
The issue is related to the use of uninitialized memory in the TIFFReadRGBAImageOriented function of the Evince document viewer. This can be exploited by a remote attacker to gain unauthorized access to information. The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
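The unchecked-return pattern described above, next to a hardened form, as an added example that is not Evince's or libtiff's code. `decode_rgba()` is a hypothetical stand-in that only borrows the 1 = success / 0 = failure convention and is assumed to leave the raster untouched on failure; `render_unchecked()` and `render_checked()` are illustrative names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the decoder call: returns 1 on success and
 * 0 on failure. Assumption: on failure the caller's raster is not written. */
static int decode_rgba(const uint8_t *src, size_t src_len,
                       uint32_t w, uint32_t h, uint32_t *raster)
{
    size_t need = (size_t)w * h * sizeof(uint32_t);
    if (src == NULL || src_len < need)
        return 0;               /* truncated or malformed image data */
    memcpy(raster, src, need);
    return 1;
}

/* Pattern from the description: the return value is ignored, so a failed
 * decode still hands back a buffer holding whatever the heap contained. */
uint32_t *render_unchecked(const uint8_t *src, size_t src_len,
                           uint32_t w, uint32_t h)
{
    uint32_t *raster = malloc((size_t)w * h * sizeof(uint32_t));
    if (raster == NULL)
        return NULL;
    decode_rgba(src, src_len, w, h, raster);   /* error dropped */
    return raster;
}

/* Hardened pattern: reject zero or overflowing sizes, check the decoder's
 * result, and free the buffer instead of returning it on failure. */
uint32_t *render_checked(const uint8_t *src, size_t src_len,
                         uint32_t w, uint32_t h)
{
    if (w == 0 || h == 0 || w > SIZE_MAX / sizeof(uint32_t) / h)
        return NULL;
    uint32_t *raster = malloc((size_t)w * h * sizeof(uint32_t));
    if (raster == NULL)
        return NULL;
    if (!decode_rgba(src, src_len, w, h, raster)) {
        free(raster);
        return NULL;
    }
    return raster;
}
```

Allocating the raster with `calloc()` would additionally bound what a missed check can expose, but it does not replace checking the return value.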
Recommendations
For versions prior to 3.32.0, update to version 3.32.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the TIFFReadRGBAImageOriented function until a patch is available. Restrict access to TIFF image files to minimize the risk of exploitation.
Exploit
Fix
Access of Uninitialized Pointer
Improper Check for Exceptional Conditions
Use of Uninitialized Resource
Affected products
Alt Linux
Almalinux
Centos
Gnome Evince
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu