CVE-2019-1010006Integer Overflow or Wraparound in Team Evince

CWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds WriteCWE-120Classic Buffer OverflowCWE-400Uncontrolled Resource ConsumptionCWE-94Code Injection11 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 38.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Gnome EvinceMate-desktop AtrilEvince Team Evince+3 more
Timeline
PublishedJul 15
Latest updateFeb 18

Description

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

Debiangnome/evince< 3.27.92-1+3
NVDgnome/evince3.26.0
NVDopensuse/leap15.0, 15.1+1
CVEListV5evince_team/evince3.26.0
Debianmate-desktop/atril< 1.22.2-1+3

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 16.04

🔴Vulnerability Details

4
OSV
atril vulnerabilities2025-02-18
GHSA
GHSA-p9m6-v44h-ccmx: Evince 32022-05-24
CVEList
CVE-2019-1010006: Evince 32019-07-15
OSV
CVE-2019-1010006: Evince 32019-07-15

📋Vendor Advisories

4
Ubuntu
Atril vulnerabilities2025-02-18
Ubuntu
Evince vulnerability2019-07-22
Red Hat
evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution2019-07-14
Debian
CVE-2019-1010006: atril - Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code...2019

💬Community

2
Bugzilla
CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution2019-07-17
Bugzilla
CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution [fedora-all]2019-07-17
CVE-2019-1010006 — Integer Overflow or Wraparound | cvebase