Search for packages
| purl | pkg:deb/debian/evince@3.22.1-3%2Bdeb9u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g4dd-e3cb-aaaj
Aliases: CVE-2019-11459 |
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-jrm1-d798-aaam
Aliases: CVE-2023-51698 |
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. |
Affected by 1 other vulnerability. |
|
VCID-jt91-yd9q-aaab
Aliases: CVE-2019-1010006 |
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. |
Affected by 1 other vulnerability. |
|
VCID-jue6-2hcd-aaas
Aliases: CVE-2017-1000083 |
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. |
Affected by 1 other vulnerability. |
|
VCID-rj5r-1412-aaas
Aliases: CVE-2017-1000159 |
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-g4dd-e3cb-aaaj | The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. |
CVE-2019-11459
|
| VCID-jt91-yd9q-aaab | Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. |
CVE-2019-1010006
|
| VCID-jue6-2hcd-aaas | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. |
CVE-2017-1000083
|
| VCID-rj5r-1412-aaas | Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. |
CVE-2017-1000159
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:09:07.966878+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T18:00:11.820681+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T17:05:37.128827+00:00 | Debian Oval Importer | Affected by | VCID-jt91-yd9q-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:59:50.347724+00:00 | Debian Oval Importer | Affected by | VCID-jue6-2hcd-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:19:50.461868+00:00 | Debian Oval Importer | Affected by | VCID-rj5r-1412-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:02:53.152755+00:00 | Debian Oval Importer | Fixing | VCID-jue6-2hcd-aaas | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:40:42.502217+00:00 | Debian Oval Importer | Fixing | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:20:50.935984+00:00 | Debian Oval Importer | Fixing | VCID-jt91-yd9q-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T10:13:10.531503+00:00 | Debian Oval Importer | Fixing | VCID-rj5r-1412-aaas | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T00:20:55.428422+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | None | 36.1.3 |
| 2025-06-20T22:19:58.279614+00:00 | Debian Oval Importer | Affected by | VCID-jt91-yd9q-aaab | None | 36.1.3 |
| 2025-06-20T21:52:43.561046+00:00 | Debian Oval Importer | Affected by | VCID-jue6-2hcd-aaas | None | 36.1.3 |
| 2025-06-20T21:52:18.264083+00:00 | Debian Oval Importer | Affected by | VCID-rj5r-1412-aaas | None | 36.1.3 |
| 2025-06-20T20:13:41.962455+00:00 | Debian Oval Importer | Fixing | VCID-jue6-2hcd-aaas | None | 36.1.3 |
| 2025-06-20T19:57:38.906474+00:00 | Debian Oval Importer | Fixing | VCID-rj5r-1412-aaas | None | 36.1.3 |
| 2025-06-08T10:40:35.068562+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:31:52.931888+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:50:29.519804+00:00 | Debian Oval Importer | Affected by | VCID-jt91-yd9q-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:53:11.827146+00:00 | Debian Oval Importer | Affected by | VCID-jue6-2hcd-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:14:24.813236+00:00 | Debian Oval Importer | Affected by | VCID-rj5r-1412-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:33:25.513905+00:00 | Debian Oval Importer | Fixing | VCID-jue6-2hcd-aaas | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:20:27.641634+00:00 | Debian Oval Importer | Fixing | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:07:48.740370+00:00 | Debian Oval Importer | Fixing | VCID-jt91-yd9q-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-08T04:02:07.679426+00:00 | Debian Oval Importer | Fixing | VCID-rj5r-1412-aaas | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T17:43:51.012684+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | None | 36.1.0 |
| 2025-06-07T15:44:08.165821+00:00 | Debian Oval Importer | Affected by | VCID-jt91-yd9q-aaab | None | 36.1.0 |
| 2025-06-07T15:16:01.914062+00:00 | Debian Oval Importer | Affected by | VCID-jue6-2hcd-aaas | None | 36.1.0 |
| 2025-06-07T15:15:36.100715+00:00 | Debian Oval Importer | Affected by | VCID-rj5r-1412-aaas | None | 36.1.0 |
| 2025-06-07T13:55:05.778842+00:00 | Debian Oval Importer | Fixing | VCID-jue6-2hcd-aaas | None | 36.1.0 |
| 2025-06-07T13:47:19.322190+00:00 | Debian Oval Importer | Fixing | VCID-rj5r-1412-aaas | None | 36.1.0 |
| 2025-04-12T22:47:52.168607+00:00 | Debian Oval Importer | Affected by | VCID-jrm1-d798-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:47:50.071561+00:00 | Debian Oval Importer | Affected by | VCID-jrm1-d798-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-12T22:14:19.713473+00:00 | Debian Oval Importer | Affected by | VCID-rj5r-1412-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:07:23.446934+00:00 | Debian Oval Importer | Affected by | VCID-jt91-yd9q-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:06:57.403373+00:00 | Debian Oval Importer | Affected by | VCID-jue6-2hcd-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:22:18.547740+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:13:13.926168+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:22:41.740286+00:00 | Debian Oval Importer | Affected by | VCID-jt91-yd9q-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:24:43.171471+00:00 | Debian Oval Importer | Affected by | VCID-jue6-2hcd-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:46:35.128136+00:00 | Debian Oval Importer | Affected by | VCID-rj5r-1412-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:03:53.055086+00:00 | Debian Oval Importer | Fixing | VCID-jue6-2hcd-aaas | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:49:57.519741+00:00 | Debian Oval Importer | Fixing | VCID-g4dd-e3cb-aaaj | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:36:26.350899+00:00 | Debian Oval Importer | Fixing | VCID-jt91-yd9q-aaab | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-08T02:30:28.327230+00:00 | Debian Oval Importer | Fixing | VCID-rj5r-1412-aaas | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T16:19:59.849621+00:00 | Debian Oval Importer | Affected by | VCID-g4dd-e3cb-aaaj | None | 36.0.0 |
| 2025-04-07T14:14:54.106900+00:00 | Debian Oval Importer | Affected by | VCID-jt91-yd9q-aaab | None | 36.0.0 |
| 2025-04-07T13:47:36.459269+00:00 | Debian Oval Importer | Affected by | VCID-jue6-2hcd-aaas | None | 36.0.0 |
| 2025-04-07T13:47:11.630762+00:00 | Debian Oval Importer | Affected by | VCID-rj5r-1412-aaas | None | 36.0.0 |
| 2025-04-07T12:29:52.078101+00:00 | Debian Oval Importer | Fixing | VCID-jue6-2hcd-aaas | None | 36.0.0 |
| 2025-04-07T12:22:24.461941+00:00 | Debian Oval Importer | Fixing | VCID-rj5r-1412-aaas | None | 36.0.0 |