CVE-2019-1010006
published 2019-07-15CVE-2019-1010006: Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector…
PriorityP338high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
2.09%
79.3th percentile
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | atril | < atril 1.22.2-1 (bookworm) | atril 1.22.2-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | evince | < atril 1.22.2-1 (bookworm) | atril 1.22.2-1 (bookworm) |
| evince_team | evince | — | — |
| gnome | evince | — | — |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| gnome | evince | >= 0 < 3.27.92-1 | 3.27.92-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.22.2-1 | 1.22.2-1 |
| mate-desktop | atril | >= 0 < 1.24.0-1ubuntu0.2 | 1.24.0-1ubuntu0.2 |
| mate-desktop | atril | >= 0 < 1.26.0-1ubuntu1.2 | 1.26.0-1ubuntu1.2 |
| mate-desktop | atril | >= 0 < 1.20.1-2ubuntu2+esm2 | 1.20.1-2ubuntu2+esm2 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Atril vulnerabilities
vendor_ubuntu·2025-02-18·CVSS 7.8
CVE-2023-51698 [HIGH] Atril vulnerabilities
Title: Atril vulnerabilities
Summary: Atril could be made to crash or run programs as your login if it
opened a specially crafted file.
It was discovered that Atril incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service
or to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2019-1010006)
Andy Nguyen discovered that Atril incorrectly handled certain images. An
attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS. (CVE-2019-11459)
Febin Mon Saji discovered that Atril incorrectly handled certain
compressed files. A remote attacker could possibly use this issue to
cause a denial of service or to execute arbitrary code. (CVE-2023-51698)
Instructions: In
Ubuntu
Evince vulnerability
vendor_ubuntu·2019-07-22
CVE-2019-1010006 Evince vulnerability
Title: Evince vulnerability
Summary: Evince could be made to crash or run arbitrary code if it received a
specially crafted PDF file.
It was discovered that Evince incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service
or to execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution
vendor_redhat·2019-07-14·CVSS 7.8
CVE-2019-1010006 [HIGH] CWE-120 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution
evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
Package: evince (Red Hat Enterprise Linux 5) - Out of support scope
Package: evince (Red Hat Enterprise Linux 6) - Out of support scope
Package: evince (Red Hat Enterprise Linux 7) - Not affected
Package: evince (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2019-1010006: atril - Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code...
vendor_debian·2019·CVSS 7.8
CVE-2019-1010006 [HIGH] CVE-2019-1010006: atril - Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code...
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
Scope: local
bookworm: resolved (fixed in 1.22.2-1)
bullseye: resolved (fixed in 1.22.2-1)
forky: resolved (fixed in 1.22.2-1)
sid: resolved (fixed in 1.22.2-1)
trixie: resolved (fixed in 1.22.2-1)
OSV
atril vulnerabilities
osv·2025-02-18·CVSS 7.8
CVE-2019-1010006 [HIGH] atril vulnerabilities
atril vulnerabilities
It was discovered that Atril incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service
or to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2019-1010006)
Andy Nguyen discovered that Atril incorrectly handled certain images. An
attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS. (CVE-2019-11459)
Febin Mon Saji discovered that Atril incorrectly handled certain
compressed files. A remote attacker could possibly use this issue to
cause a denial of service or to execute arbitrary code. (CVE-2023-51698)
GHSA
GHSA-p9m6-v44h-ccmx: Evince 3
ghsa_unreviewed·2022-05-24
CVE-2019-1010006 [HIGH] CWE-190 GHSA-p9m6-v44h-ccmx: Evince 3
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victin must open a crafted PDF file.
OSV
CVE-2019-1010006: Evince 3
osv·2019-07-15·CVSS 7.8
CVE-2019-1010006 [HIGH] CVE-2019-1010006: Evince 3
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution
bugzilla·2019-07-17·CVSS 7.8
CVE-2019-1010006 [HIGH] CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution
CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code
execution. The component is: backend/tiff/tiff-document.c. The attack vector is:
Victin must open a crafted PDF file.
Reference:
http://bugzilla.maptools.org/show_bug.cgi?id=2745
Discussion:
Created evince tracking bugs for this issue:
Affects: fedora-all [bug 1730584]
---
This was fixed in 3.28 according to the upstream bug. Are you able to reproduce this on a supported version of Fedora? I see some artefacts due to wrong sizes but no invalid write.
---
In reply to comment #2:
> This was fixed in 3.28 according to the upstream bug. Are you able to
> reproduce this on a supported version of Fe
Bugzilla
CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution [fedora-all]
bugzilla·2019-07-17·CVSS 7.8
CVE-2019-1010006 [HIGH] CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution [fedora-all]
CVE-2019-1010006 evince: buffer overflow in backend/tiff/tiff-document.c leads to DOS/possible code execution [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: t
CWE
Integer Overflow or Wraparound
mitre_cwe
CWE-190 Integer Overflow or Wraparound
CWE-190: Integer Overflow or Wraparound
The product performs a calculation that can
produce an integer overflow or wraparound when the logic
assumes that the resulting value will always be larger than
the original value. This occurs when an integer value is
incremented to a value that is too large to store in the
associated representation. When this occurs, the value may
become a very small or negative number.
Modes of Introduction:
Phase: Implementation
Note: This weakness may become security critical when determining the offset or size in behaviors such as memory allocation, copying, and concatenation.
Common Consequences:
Scope: Availability. Impact: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Memory), DoS: Instability. This weakness can generally lead to undefined behav
CWE
Out-of-bounds Write
mitre_cwe
CWE-787 Out-of-bounds Write
CWE-787: Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Memory, Execute Unauthorized Code or Commands. Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
Scope: Other. Impact: Unexpected State. Subsequent write operations can produce undefined or unexpected results.
Detection Methods:
Automated Static Analysis: This weakness can often be detected using automated s
CWE
Compiler Optimization Removal or Modification of Security-critical Code
mitre_cwe
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
CWE-733: Compiler Optimization Removal or Modification of Security-critical Code
The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.
Modes of Introduction:
Phase: Build and Compilation
Common Consequences:
Scope: Access Control, Other. Impact: Bypass Protection Mechanism, Alter Execution Logic.
Detection Methods:
Black Box: This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or n
http://bugzilla.maptools.org/show_bug.cgi?id=2745http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.htmlhttps://bugzilla.gnome.org/show_bug.cgi?id=788980https://lists.debian.org/debian-lts-announce/2019/08/msg00013.htmlhttps://lists.debian.org/debian-lts-announce/2019/08/msg00014.htmlhttps://seclists.org/bugtraq/2020/Feb/18https://usn.ubuntu.com/4067-1/https://www.debian.org/security/2020/dsa-4624http://bugzilla.maptools.org/show_bug.cgi?id=2745http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.htmlhttps://bugzilla.gnome.org/show_bug.cgi?id=788980https://lists.debian.org/debian-lts-announce/2019/08/msg00013.htmlhttps://lists.debian.org/debian-lts-announce/2019/08/msg00014.htmlhttps://seclists.org/bugtraq/2020/Feb/18https://usn.ubuntu.com/4067-1/https://www.debian.org/security/2020/dsa-4624
2019-07-15
Published