{"id":"CVE-2019-1010006","details":"Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.","modified":"2026-04-10T04:11:45.153108Z","published":"2019-07-15T02:15:10.370Z","related":["SUSE-SU-2019:14141-1","SUSE-SU-2019:2052-1","SUSE-SU-2019:2080-1","SUSE-SU-2019:2080-2","SUSE-SU-2019:2098-1","openSUSE-SU-2019:1908-1","openSUSE-SU-2024:10742-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2020/Feb/18"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4067-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4624"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=788980"},{"type":"REPORT","url":"http://bugzilla.maptools.org/show_bug.cgi?id=2745"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/evince","events":[{"introduced":"0"},{"last_affected":"b53823ee76a10ac4c306d4254c7bce82d1ee9ecb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.26.0"}]}}],"versions":["3.1.2","3.1.90","3.1.90.1","3.10.0","3.11.1","3.11.3","3.11.90","3.11.92","3.13.3","3.13.3.1","3.13.90","3.13.91","3.13.92","3.14.0","3.14.1","3.15.4","3.15.90","3.15.92","3.16.0","3.17.1","3.17.2","3.17.3","3.17.4","3.17.92","3.18.0","3.19.92","3.2.0","3.2.1","3.20.0","3.21.3","3.21.4","3.21.92","3.22.0","3.24.0","3.25.4","3.25.91","3.25.92","3.26.0","3.3.2","3.3.3","3.3.3.1","3.3.4","3.3.5","3.3.90","3.3.92","3.4.0","3.5.2","3.5.3","3.5.4","3.5.5","3.5.90","3.5.92","3.6.0","3.7.1","3.7.4","3.7.5","3.7.90","3.7.92","3.8.0","3.9.2","3.9.3","3.9.4","3.9.5","3.9.90","BEFORE_GNOME_PRINT","BEFORE_NEW_UI_HANDLER_1","BEFORE_XPDF_3_MERGE","BONOBO_BEFORE_API_RENAME","ChangeLog","EAZEL-NAUTILUS-MS-AUG07","EAZEL-NAUTILUS-MS-JULY_5","EVINCE_0_1_0","EVINCE_0_1_1","EVINCE_0_1_3","EVINCE_0_1_4","EVINCE_0_1_5","EVINCE_0_1_6","EVINCE_0_1_7","EVINCE_0_1_8","EVINCE_0_1_9","EVINCE_0_2_0","EVINCE_0_2_1","EVINCE_0_3_0","EVINCE_0_3_1","EVINCE_0_3_3","EVINCE_0_4_0","EVINCE_0_5_0","EVINCE_0_5_1","EVINCE_0_5_2","EVINCE_0_5_3","EVINCE_0_5_4","EVINCE_0_5_5","EVINCE_0_6_0","EVINCE_0_6_1","EVINCE_0_7_0","EVINCE_0_7_1","EVINCE_0_7_2","EVINCE_0_8_0","EVINCE_0_8_1","EVINCE_0_9_0","EVINCE_0_9_1","EVINCE_0_9_2","EVINCE_0_9_3","EVINCE_2_19_4","EVINCE_2_19_92","EVINCE_2_20_0","EVINCE_2_21_1","EVINCE_2_21_90","EVINCE_2_21_91","EVINCE_2_22_0","EVINCE_2_22_1","EVINCE_2_22_1_1","EVINCE_2_23_4","EVINCE_2_23_5","EVINCE_2_23_91","EVINCE_2_23_92","EVINCE_2_24_0","EVINCE_2_24_1","EVINCE_2_25_1","EVINCE_2_25_2","EVINCE_2_25_4","EVINCE_2_25_5","EVINCE_2_25_90","EVINCE_2_25_91","EVINCE_2_25_92","EVINCE_2_26_0","EVINCE_2_27_1","EVINCE_2_27_3","EVINCE_2_27_4","EVINCE_2_27_90","EVINCE_2_29_1","EVINCE_2_29_2","EVINCE_2_29_3","EVINCE_2_29_4","EVINCE_2_29_5","EVINCE_2_29_91","EVINCE_2_29_92","EVINCE_2_30_0","EVINCE_2_31_1","EVINCE_2_31_2","EVINCE_2_31_3","EVINCE_2_31_4","EVINCE_2_31_4_1","EVINCE_2_31_5","EVINCE_2_31_6","EVINCE_2_31_6_1","EVINCE_2_31_90","EVINCE_2_91_0","EVINCE_2_91_1","EVINCE_2_91_2","EVINCE_2_91_3","EVINCE_2_91_4","EVINCE_2_91_5","EVINCE_2_91_6","EVINCE_2_91_90","EVINCE_2_91_92","EVINCE_2_91_93","EVINCE_3_0_0","GNOME_2_12_BRANCHPOINT","GNOME_2_14_BRANCHPOINT","GNOME_2_16_BRANCHPOINT","GNOME_2_4_ANCHOR","GNOME_2_6_ANCHOR","GNOME_2_8_ANCHOR","GPDF_0_100","GPDF_0_101","GPDF_0_102","GPDF_0_103","GPDF_0_104","GPDF_0_105","GPDF_0_106","GPDF_0_110","GPDF_0_111","GPDF_0_112","GPDF_0_112_1","GPDF_0_120","GPDF_0_121","GPDF_0_122","GPDF_0_123","GPDF_0_124","GPDF_0_125","GPDF_0_130","GPDF_0_131","GPDF_2_7_1","GPDF_2_7_2","GPDF_2_7_90","GPDF_2_7_91","GPDF_2_8_0","GPDF_2_8_1","GPDF_2_9_1","GPDF_FOR_GNOME_1_4","GPDF_MODES_ANCHOR","GPDF_OUTLINES_ANCHOR","XPDF_0_80","XPDF_1_01","XPDF_2_00","XPDF_2_01","XPDF_2_02","XPDF_2_03","XPDF_3_00","nautilus_ms_may_31","start"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010006.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}