CVE-2019-11459

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3553	Third Party Advisory
https://gitlab.gnome.org/GNOME/evince/issues/1129	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/
https://seclists.org/bugtraq/2020/Feb/18	Mailing List Third Party Advisory
https://usn.ubuntu.com/3959-1/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4624	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:evince:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

History

No history.

Information

Published : 2019-04-22 22:29

Updated : 2023-11-07 03:03

NVD link : CVE-2019-11459

Mitre link : CVE-2019-11459

CVE.ORG link : CVE-2019-11459

JSON object : View

Products Affected

canonical

ubuntu_linux

redhat

enterprise_linux_server_aus
enterprise_linux_eus
enterprise_linux
enterprise_linux_server_tus

fedoraproject

fedora

opensuse

leap

gnome

evince

debian

debian_linux

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-908

Use of Uninitialized Resource

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-11459

5.5^/10

4.3^/10

Attach tags to `CVE-2019-11459`