Bug#927820: evince: CVE-2019-11459: Uninitialized memory read
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 23 20:52:39 BST 2019
Source: evince
Version: 3.30.2-3
Severity: important
Tags: security upstream
Control: clone -1 -2
Control: reassign -2 src:atril 1.20.3-1
Control: retitle -2 atril: CVE-2019-11459: Uninitialized memory read
Control: forwarded -1 https://gitlab.gnome.org/GNOME/evince/issues/1129
Hi,
The following vulnerability was published for evince (and same issue
in atril, thus cloning the bug).
CVE-2019-11459[0]:
| The tiff_document_render() and tiff_document_get_thumbnail() functions
| in the TIFF document backend in GNOME Evince through 3.32.0 did not
| handle errors from TIFFReadRGBAImageOriented(), leading to
| uninitialized memory use when processing certain TIFF image files.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-11459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11459
[1] https://gitlab.gnome.org/GNOME/evince/issues/1129
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list