Vulnerabilities > CVE-2019-11459 - Use of Uninitialized Resource vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4624.NASL description Several vulnerabilities were discovered in evince, a simple multi-page document viewer. - CVE-2017-1000159 Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames. - CVE-2019-11459 Andy Nguyen reported that the tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to disclosure of uninitialized memory when processing TIFF image files. - CVE-2019-1010006 A buffer overflow vulnerability in the tiff backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened. last seen 2020-03-17 modified 2020-02-18 plugin id 133731 published 2020-02-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133731 title Debian DSA-4624-1 : evince - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2098-1.NASL description This update for evince fixes the following issues : Security issues fixed : CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127785 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127785 title SUSE SLES12 Security Update : evince (SUSE-SU-2019:2098-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-FF2B5B5B47.NASL description Security fix for CVE-2019-11459. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126135 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126135 title Fedora 29 : evince (2019-ff2b5b5b47) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1648-1.NASL description This update for evince provides the following fixes : Security issue fixed : CVE-2019-11459: Fixed an improper error handling in which could have led to use of unitialized use of memory (bsc#1133037). Other issue addressed: Removed Supplements from psdocument package, so that it isn last seen 2020-06-01 modified 2020-06-02 plugin id 126169 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126169 title SUSE SLED15 / SLES15 Security Update : Recommended update for evince (SUSE-SU-2019:1648-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3553.NASL description An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix(es) : * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459) * gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 130552 published 2019-11-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130552 title RHEL 8 : GNOME (RHSA-2019:3553) NASL family Fedora Local Security Checks NASL id FEDORA_2019-6316C0663E.NASL description Security fix for CVE-2019-11459. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125909 published 2019-06-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125909 title Fedora 30 : evince (2019-6316c0663e) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2080-1.NASL description This update for evince fixes the following issues : Security issues fixed : CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127778 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127778 title SUSE SLED12 / SLES12 Security Update : evince (SUSE-SU-2019:2080-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1882.NASL description A few issues were found in Atril, the MATE document viewer. CVE-2017-1000159 When printing from DVI to PDF, the dvipdfm tool was called without properly sanitizing the filename, which could lead to a command injection attack via the filename. CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() did not check the status of TIFFReadRGBAImageOriented(), leading to uninitialized memory access if that funcion fails. CVE-2019-1010006 Some buffer overflow checks were not properly done, leading to application crash or possibly arbitrary code execution when opening maliciously crafted files. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 127864 published 2019-08-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127864 title Debian DLA-1882-1 : atril security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1667.NASL description This update for evince provides the following fixes: 	 Security issue fixed: 	 - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037).	 Other issue addressed : - Removed Supplements from psdocument package, so that it isn last seen 2020-06-01 modified 2020-06-02 plugin id 126456 published 2019-07-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126456 title openSUSE Security Update : evince (openSUSE-2019-1667) NASL family Scientific Linux Local Security Checks NASL id SL_20200407_POPPLER_AND_EVINCE_ON_SL7_X.NASL description * poppler: integer overflow in Parser::makeStream in Parser.cc * poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc * poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc * poppler: integer overflow in JPXStream::init function leading to memory consumption * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() last seen 2020-04-30 modified 2020-04-21 plugin id 135829 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135829 title Scientific Linux Security Update : poppler and evince on SL7.x x86_64 (20200407) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1881.NASL description A few issues were found in the Evince document viewer. CVE-2017-1000159 When printing from DVI to PDF, the dvipdfm tool was called without properly sanitizing the filename, which could lead to a command injection attack via the filename. CVE-2019-11459 The tiff_document_render() and tiff_document_get_thumbnail() did not check the status of TIFFReadRGBAImageOriented(), leading to uninitialized memory access if that funcion fails. CVE-2019-1010006 Some buffer overflow checks were not properly done, leading to application crash or possibly arbitrary code execution when opening maliciously crafted files. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 127863 published 2019-08-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127863 title Debian DLA-1881-1 : evince security update
Redhat
| advisories |
| ||||
| rpms |
|
References
- https://gitlab.gnome.org/GNOME/evince/issues/1129
- https://usn.ubuntu.com/3959-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
- https://access.redhat.com/errata/RHSA-2019:3553
- https://www.debian.org/security/2020/dsa-4624
- https://seclists.org/bugtraq/2020/Feb/18
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/