Memory Corruption Vulnerability in GNOME Evince TIFF Document Processing
CVE-2019-11459

5.5MEDIUM

Key Information:

Vendor
Gnome
Status
Evince
Vendor
CVE Published:
22 April 2019

Summary

In GNOME Evince, a memory corruption issue exists due to improper error handling in the tiff_document_render() and tiff_document_get_thumbnail() functions. This vulnerability arises when certain TIFF image files are processed, leading to the use of uninitialized memory which could potentially be exploited. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

References

https://gitlab.gnome.org/GNOME/evince/issues/1129
x_refsource_MISC
https://usn.ubuntu.com/3959-1/
vendor-advisoryx_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.