CVE-2019-11459

CVE	CVE-2019-11459
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-04-22 22:29:00 UTC
Updated	2023-11-07 03:03:00 UTC
Description	The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

Problem Types: CWE-754 | CWE-908

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.10	All	All	All
Operating System	Canonical	Ubuntu Linux	19.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.10	All	All	All
Operating System	Canonical	Ubuntu Linux	19.04	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	29	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Application	Gnome	Evince	All	All	All	All
Operating System	Opensuse	Leap	15.0	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.6	All	All	All

Reference	Source	Link	Tags
[SECURITY] Fedora 29 Update: evince-3.30.2-4.fc29 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Red Hat Customer Portal	REDHAT	access.redhat.com
[SECURITY] Fedora 29 Update: evince-3.30.2-4.fc29 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 30 Update: evince-3.32.0-3.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[security-announce] openSUSE-SU-2019:1667-1: moderate: Recommended updat	SUSE	lists.opensuse.org
Bugtraq: [SECURITY] [DSA 4624-1] evince security update	BUGTRAQ	seclists.org
[SECURITY] [DLA 1881-1] evince security update	MLIST	lists.debian.org
Debian -- Security Information -- DSA-4624-1 evince	DEBIAN	www.debian.org
(CVE-2019-11459) Uninitialized memory read in tiff_document_render() (#1129) · Issues · GNOME / evince · GitLab	MISC	gitlab.gnome.org	Patch, Third Party Advisory
[SECURITY] Fedora 30 Update: evince-3.32.0-3.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] [DLA 1882-1] atril security update	MLIST	lists.debian.org
USN-3959-1: Evince vulnerability \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

296079 Oracle Solaris 11.4 Support Repository Update (SRU) 15.5.0 Missing (CPUOCT2019)
377260 Alibaba Cloud Linux Security Update for poppler and evince (ALINUX2-SA-2020:0052)
500882 Alpine Linux Security Update for evince
504715 Alpine Linux Security Update for evince
670298 EulerOS Security Update for evince (EulerOS-SA-2021-1778)
671558 EulerOS Security Update for evince (EulerOS-SA-2022-1561)
940366 AlmaLinux Security Update for GNOME (ALSA-2019:3553)
960235 Rocky Linux Security Update for GNOME (RLSA-2019:3553)