Vulnerabilities > Gnome > Evince

DATE CVE VULNERABILITY TITLE RISK

2019-11-01 CVE-2013-3718 Improper Input Validation vulnerability in multiple products
Evince is missing a check on the number of pages, which can lead to a segmentation fault.
local
low complexity
gnome debian redhat opensuse CWE-20
5.5

2019-07-15 CVE-2019-1010006 Integer Overflow or Wraparound vulnerability in multiple products
Evince 3.26.0 is affected by a buffer overflow.
local
low complexity
gnome canonical debian opensuse CWE-190
7.8

2019-04-22 CVE-2019-11459 Use of Uninitialized Resource vulnerability in multiple products
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
5.5

2017-11-27 CVE-2017-1000159 OS Command Injection vulnerability in Gnome Evince
Command injection in Evince via filename when printing to PDF.
local
low complexity
gnome CWE-78
7.8

2017-09-05 CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
local
low complexity
gnome debian redhat
7.8