PT-2019-5048 · Gnome+8 · Gnome Evince+8

Andy Nguyen · Published 2019-04-13 · Updated 2025-02-18 · CVE-2019-11459

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GNOME Evince versions prior to 3.32.0

Description

The issue is related to the use of uninitialized memory in the TIFFReadRGBAImageOriented function of the Evince document viewer. This can be exploited by a remote attacker to gain unauthorized access to information. The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

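The unchecked-return pattern described above, next to the checked form, as an added example that is not Evince's or libtiff's own code. `decode_rgba()`, `alloc_raster()`, `render_unchecked()` and `render_checked()` are hypothetical names; `decode_rgba()` only mimics the return contract of TIFFReadRGBAImageOriented() (1 on success, 0 on failure) so the example runs without libtiff.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the decoder: returns 1 on success, 0 on failure.
 * On failure the raster is left exactly as the caller allocated it. */
static int decode_rgba(const uint8_t *src, size_t len,
                       uint32_t w, uint32_t h, uint32_t *raster)
{
    size_t need = (size_t)w * h * sizeof(uint32_t);
    if (src == NULL || len < need)
        return 0;                      /* truncated or corrupt image data */
    memcpy(raster, src, need);
    return 1;
}

/* Allocate w*h RGBA pixels, rejecting empty or overflowing dimensions. */
static uint32_t *alloc_raster(uint32_t w, uint32_t h)
{
    if (w == 0 || h == 0 || (size_t)w > SIZE_MAX / sizeof(uint32_t) / h)
        return NULL;
    return malloc((size_t)w * h * sizeof(uint32_t));
}

/* Unchecked: a failed decode still hands back the malloc'd buffer, so the
 * caller goes on to use pixel memory that was never written. */
uint32_t *render_unchecked(const uint8_t *src, size_t len, uint32_t w, uint32_t h)
{
    uint32_t *pixels = alloc_raster(w, h);
    if (pixels != NULL)
        (void)decode_rgba(src, len, w, h, pixels);   /* result discarded */
    return pixels;
}

/* Checked: a failed decode frees the buffer and reports the error. */
uint32_t *render_checked(const uint8_t *src, size_t len, uint32_t w, uint32_t h)
{
    uint32_t *pixels = alloc_raster(w, h);
    if (pixels != NULL && !decode_rgba(src, len, w, h, pixels)) {
        free(pixels);
        return NULL;
    }
    return pixels;
}

int main(void)
{
    const uint8_t truncated[8] = {0};  /* constructed: 8 bytes for a 2x2 image */
    return render_checked(truncated, sizeof truncated, 2, 2) == NULL ? 0 : 1;
}
```
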
Recommendations

For versions prior to 3.32.0, update to version 3.32.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the TIFFReadRGBAImageOriented function until a patch is available. Restrict access to TIFF image files to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Access of Uninitialized Pointer
Improper Check for Exceptional Conditions
Use of Uninitialized Resource

Related Identifiers

ALSA-2019:3553
ALT-PU-2019-1716
ALT-PU-2019-2803
ALT-PU-2019-2812
ALT-PU-2020-1036
BDU:2020-01690
CESA-2019_3553
CESA-2020_1074
CVE-2019-11459
DLA-1881-1
DLA-1882-1
DSA-4624-1
MGASA-2019-0355
OESA-2022-1550
OPENSUSE-SU-2019:1667-1
OPENSUSE-SU-2019_1667-1
OPENSUSE-SU-2024:10742-1
RHSA-2019:3553
RHSA-2019_3553
RHSA-2020:1074
RHSA-2020_1074
RLSA-2019:3553
SUSE-SU-2019:14141-1
SUSE-SU-2019:1648-1
SUSE-SU-2019:2080-1
SUSE-SU-2019:2080-2
SUSE-SU-2019:2098-1
SUSE-SU-2019_14141-1
SUSE-SU-2019_1648-1
USN-3959-1
USN-7274-1

Affected Products

Alt Linux
Almalinux
Centos
Gnome Evince
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu