Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:2098-1

Опубликовано: 09 авг. 2019
Источник: suse-cvrf

Описание

Security update for evince

This update for evince fixes the following issues:

Security issues fixed:

  • CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037).
  • CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619).

Список пакетов

SUSE Linux Enterprise Server 12 SP1-LTSS
evince-3.10.3-2.8.1
evince-lang-3.10.3-2.8.1
libevdocument3-4-3.10.3-2.8.1
libevview3-3-3.10.3-2.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
evince-3.10.3-2.8.1
evince-lang-3.10.3-2.8.1
libevdocument3-4-3.10.3-2.8.1
libevview3-3-3.10.3-2.8.1

Ссылки

Описание

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:evince-3.10.3-2.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:evince-lang-3.10.3-2.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libevdocument3-4-3.10.3-2.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libevview3-3-3.10.3-2.8.1
Ссылки

Описание

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:evince-3.10.3-2.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:evince-lang-3.10.3-2.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libevdocument3-4-3.10.3-2.8.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libevview3-3-3.10.3-2.8.1
Ссылки