Fluid Attacks Database

Description

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	evince	>=0 <3.27.92-1	3.27.92-1
debian 11	atril	>=0 <1.22.2-1	1.22.2-1
debian 12	atril	>=0 <1.22.2-1	1.22.2-1
debian 13	atril	>=0 <1.22.2-1	1.22.2-1
debian 14	atril	>=0 <1.22.2-1	1.22.2-1
debian 11	evince	>=0 <3.27.92-1	3.27.92-1
debian 12	evince	>=0 <3.27.92-1	3.27.92-1
debian 13	evince	>=0 <3.27.92-1	3.27.92-1
rpm rhel5	evince	-	-
rpm rhel6	evince	-	-

Aliases

1. CVE-2019-10100062. NVD-2019-10100063. OSV-DEBIAN-2019-10100064. OSV-2019-10100065. SECURITY-TRACKER-CVE-2019-1010006

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.