Vulnerabilities > CVE-2019-1010006 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
gnome
canonical
debian
opensuse
CWE-190
nessus

Summary

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4624.NASL
    descriptionSeveral vulnerabilities were discovered in evince, a simple multi-page document viewer. - CVE-2017-1000159 Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames. - CVE-2019-11459 Andy Nguyen reported that the tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to disclosure of uninitialized memory when processing TIFF image files. - CVE-2019-1010006 A buffer overflow vulnerability in the tiff backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened.
    last seen2020-03-17
    modified2020-02-18
    plugin id133731
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133731
    titleDebian DSA-4624-1 : evince - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2098-1.NASL
    descriptionThis update for evince fixes the following issues : Security issues fixed : CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127785
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127785
    titleSUSE SLES12 Security Update : evince (SUSE-SU-2019:2098-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1908.NASL
    descriptionThis update for evince fixes the following issues : - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128000
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128000
    titleopenSUSE Security Update : evince (openSUSE-2019-1908)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2052-1.NASL
    descriptionThis update for evince fixes the following issues : CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127767
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127767
    titleSUSE SLED15 / SLES15 Security Update : evince (SUSE-SU-2019:2052-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2080-1.NASL
    descriptionThis update for evince fixes the following issues : Security issues fixed : CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127778
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127778
    titleSUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2019:2080-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1882.NASL
    descriptionA few issues were found in Atril, the MATE document viewer. CVE-2017-1000159 When printing from DVI to PDF, the dvipdfm tool was called without properly sanitizing the filename, which could lead to a command injection attack via the filename. CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() did not check the status of TIFFReadRGBAImageOriented(), leading to uninitialized memory access if that funcion fails. CVE-2019-1010006 Some buffer overflow checks were not properly done, leading to application crash or possibly arbitrary code execution when opening maliciously crafted files. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id127864
    published2019-08-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127864
    titleDebian DLA-1882-1 : atril security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1906.NASL
    descriptionAccording to the version of the evince packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.(CVE-2019-1010006) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-16
    plugin id128829
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128829
    titleEulerOS 2.0 SP5 : evince (EulerOS-SA-2019-1906)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4067-1.NASL
    descriptionIt was discovered that Evince incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126947
    published2019-07-23
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126947
    titleUbuntu 16.04 LTS : evince vulnerability (USN-4067-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1881.NASL
    descriptionA few issues were found in the Evince document viewer. CVE-2017-1000159 When printing from DVI to PDF, the dvipdfm tool was called without properly sanitizing the filename, which could lead to a command injection attack via the filename. CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() did not check the status of TIFFReadRGBAImageOriented(), leading to uninitialized memory access if that funcion fails. CVE-2019-1010006 Some buffer overflow checks were not properly done, leading to application crash or possibly arbitrary code execution when opening maliciously crafted files. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id127863
    published2019-08-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127863
    titleDebian DLA-1881-1 : evince security update