PT-2019-4925 · Gnome+4 · Evince+4

Sebastian Feldmann

Published

2018-03-18

Updated

2025-02-18

CVE-2019-1010006

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Evince version 3.26.0

Description The issue is caused by a buffer overflow in the backend/tiff/tiff-document.c component of the Evince document viewer. This can be exploited by a remote attacker using a specially crafted PDF file, potentially allowing for denial of service or execution of arbitrary code. The attack vector involves the victim opening the crafted PDF file, and the issue arises from an incorrect integer overflow protection mechanism in the tiff document render and tiff document get thumbnail functions.

Recommendations For Evince version 3.26.0, as a temporary workaround, consider disabling the rendering of TIFF documents until a patch is available. Restrict access to the backend/tiff/tiff-document.c component to minimize the risk of exploitation. Avoid opening suspicious or untrusted PDF files with Evince until the issue is resolved.

Exploit

Fix

DoS

Integer Overflow

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-733CWE-190CWE-787CWE-119

Related Identifiers

ALT-PU-2018-1448

BDU:2020-01530

CVE-2019-1010006

DLA-1881-1

DLA-1882-1

DSA-4624-1

OPENSUSE-SU-2019:1908-1

OPENSUSE-SU-2019_1908-1

OPENSUSE-SU-2024:10742-1

SUSE-SU-2019:14141-1

SUSE-SU-2019:2052-1

SUSE-SU-2019:2080-1

SUSE-SU-2019:2080-2

SUSE-SU-2019:2098-1

SUSE-SU-2019_14141-1

SUSE-SU-2019_2052-1

SUSE-SU-2019_2080-1

SUSE-SU-2019_2098-1

USN-4067-1

USN-7274-1

Affected Products

Alt Linux

Evince

Linuxmint

Suse

Ubuntu

PT-2019-4925 · Gnome+4 · Evince+4

CVE-2019-1010006

Weakness Enumeration

Related Identifiers

Affected Products

References · 75