Search for packages
| purl | pkg:deb/ubuntu/evince@2.29.1-0ubuntu1 |
| Next non-vulnerable version | 3.32.0-1ubuntu1 |
| Latest non-vulnerable version | 3.32.0-1ubuntu1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g4dd-e3cb-aaaj
Aliases: CVE-2019-11459 |
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. |
Affected by 0 other vulnerabilities. |
|
VCID-jt91-yd9q-aaab
Aliases: CVE-2019-1010006 |
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. |
Affected by 1 other vulnerability. |
|
VCID-jue6-2hcd-aaas
Aliases: CVE-2017-1000083 |
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-rj5r-1412-aaas
Aliases: CVE-2017-1000159 |
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|