CVE-2019-1010006
published 2019-07-15

Priority: P3 38 high
CVSS 3.1: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 2.09% (79.3th percentile)

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.

Affected

21 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| debian | atril | < atril 1.22.2-1 (bookworm) | atril 1.22.2-1 (bookworm) |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | evince | < atril 1.22.2-1 (bookworm) | atril 1.22.2-1 (bookworm) |
| evince_team | evince | | |
| gnome | evince | | |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.24.0-1ubuntu0.2 | 1.24.0-1ubuntu0.2 |
| mate-desktop | atril | >= 0 < 1.26.0-1ubuntu1.2 | 1.26.0-1ubuntu1.2 |
| mate-desktop | atril | >= 0 < 1.20.1-2ubuntu2+esm2 | 1.20.1-2ubuntu2+esm2 |
| opensuse | leap | | |
| opensuse | leap | | |

CVSS provenance

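| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |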