VulnerableCode Package Details - pkg:deb/debian/evince@3.14.1-2

Search for packages

Package details: pkg:deb/debian/evince@3.14.1-2

Essentials
History (56)

purl	pkg:deb/debian/evince@3.14.1-2

Next non-vulnerable version	3.38.2-1
Latest non-vulnerable version	3.38.2-1
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-g4dd-e3cb-aaaj Aliases: CVE-2019-11459	The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.	3.22.1-3+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.30.2-3+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.38.2-1 Affected by 0 other vulnerabilities.
VCID-jrm1-d798-aaam Aliases: CVE-2023-51698	Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.	3.30.2-3+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jt91-yd9q-aaab Aliases: CVE-2019-1010006	Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.	3.22.1-3+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.30.2-3+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jue6-2hcd-aaas Aliases: CVE-2017-1000083	backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.	3.14.1-2+deb8u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.22.1-3+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.30.2-3+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rj5r-1412-aaas Aliases: CVE-2017-1000159	Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.	3.22.1-3+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.30.2-3+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-j4ae-6bh9-aaak	evince is missing a check on number of pages which can lead to a segmentation fault	CVE-2013-3718

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:09:07.962395+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T18:00:11.816807+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T17:05:37.122686+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T16:14:08.854357+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:59:50.342804+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:19:50.457627+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:02:53.148956+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:40:42.497892+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:20:50.931679+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:13:10.527004+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T09:54:16.730234+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T00:20:55.424535+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	None	36.1.3
2025-06-20T22:19:58.275467+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	None	36.1.3
2025-06-20T20:26:31.761432+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	None	36.1.3
2025-06-20T19:57:38.903226+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	None	36.1.3
2025-06-20T19:48:29.499601+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	None	36.1.3
2025-06-08T10:40:35.065592+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:31:52.928242+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T09:50:29.516790+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T09:01:42.480725+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:53:11.823686+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:14:24.809997+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:33:25.510752+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:20:27.638582+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:07:48.736669+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:02:07.676284+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T03:43:04.458113+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T17:43:51.009027+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	None	36.1.0
2025-06-07T15:44:08.161871+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	None	36.1.0
2025-06-07T14:01:14.380452+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	None	36.1.0
2025-06-07T13:47:19.318497+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	None	36.1.0
2025-06-07T13:40:36.872842+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	None	36.1.0
2025-04-12T22:47:52.158783+00:00	Debian Oval Importer	Affected by	VCID-jrm1-d798-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:47:50.060919+00:00	Debian Oval Importer	Affected by	VCID-jrm1-d798-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-12T22:40:15.168314+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:14:19.703415+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:07:23.436950+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:06:57.393414+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:22:18.538071+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:13:13.916390+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T08:22:41.730312+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:33:22.205033+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:24:43.161557+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:46:35.118317+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:03:53.045301+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:49:57.508742+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:36:26.340420+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:30:28.316317+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:10:51.269844+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T16:19:59.839048+00:00	Debian Oval Importer	Affected by	VCID-g4dd-e3cb-aaaj	None	36.0.0
2025-04-07T14:14:54.095996+00:00	Debian Oval Importer	Affected by	VCID-jt91-yd9q-aaab	None	36.0.0
2025-04-07T12:35:32.238967+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	None	36.0.0
2025-04-07T12:22:24.450088+00:00	Debian Oval Importer	Affected by	VCID-rj5r-1412-aaas	None	36.0.0
2025-04-07T12:15:56.608517+00:00	Debian Oval Importer	Affected by	VCID-jue6-2hcd-aaas	None	36.0.0
2024-10-15T13:52:52.470887+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-10-05T10:14:15.418874+00:00	Debian Oval Importer	Fixing	VCID-j4ae-6bh9-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1