CVE-2019-11459 — Improper Check for Unusual or Exceptional Conditions in Evince
Severity
5.5 MEDIUM (NVD)
7.8 (OSV)
EPSS
0.4%
top 36.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 22
Latest update: Feb 18
Description
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 5 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 29, 30, Ubuntu Linux 16.04, 18.04, 18.10, 19.04, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6
Patches
Vulnerability Details (4)
GHSA
GHSA-3q2g-r99g-8h69: The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3 (2022-05-24)
OSV
CVE-2019-11459: The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3 (2019-04-22)
CVEList
CVE-2019-11459: The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3 (2019-04-22)
Vendor Advisories (4)
Community (3)
Bugzilla
CVE-2019-11459 evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (2019-06-03)
Bugzilla
CVE-2019-11459 evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() [fedora-30] (2019-06-03)
Bugzilla
CVE-2019-11459 evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() [fedora-29] (2019-06-03)