user/atril: buffer overflow in tiff_document_render and tiff_document_get_thumbnail
Bugzilla ID | 178 |
Alias(es) | CVE-2019-1010006 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-08-13 16:55:28 -0500 |
Modified | 2019-09-13 03:43:33 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-1010006 |
See also | https://bts.adelielinux.org/show_bug.cgi?id=148 |
Description
CVE-2019-1010006: https://nvd.nist.gov/vuln/detail/CVE-2019-1010006
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS /
Possible code execution. The component is:
backend/tiff/tiff-document.c. The attack vector is: Victim must open a
crafted PDF file. The issue occurs because of an incorrect integer
overflow protection mechanism in tiff_document_render and
tiff_document_get_thumbnail.
Unreleased fix: https://github.com/mate-desktop/atril/issues/386
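The description above attributes the overflow to an incorrect integer overflow protection mechanism around the pixel-buffer size. The sketch below is an added illustration, not code from atril or Evince: `wrapped_size32` and `rgba_buffer_size` are hypothetical helpers and the 4-bytes-per-pixel layout is an assumption. It shows how a 32-bit size computation can wrap to an undersized value and how a guard that divides before multiplying rejects the same dimensions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What a 32-bit size computation yields once it wraps. Computed in 64 bits
 * and truncated, so the demonstration itself has no undefined behaviour. */
static uint32_t wrapped_size32(uint32_t width, uint32_t height)
{
    return (uint32_t)((uint64_t)width * 4u * height);
}

/* Hypothetical helper: size of a 4-bytes-per-pixel image buffer.
 * Each bound is tested by division BEFORE the multiplication it guards,
 * so no signed overflow can occur and the compiler cannot drop the checks.
 * Returns 0 and sets *rowstride and *bytes on success, -1 on rejection. */
static int rgba_buffer_size(int width, int height, int *rowstride, size_t *bytes)
{
    if (width <= 0 || height <= 0)
        return -1;
    if (width > INT_MAX / 4)
        return -1;
    *rowstride = width * 4;
    if (height > INT_MAX / *rowstride)
        return -1;
    *bytes = (size_t)*rowstride * (size_t)height;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: 65536 x 16384 at 4 bytes per pixel is 2^32. */
    int w = 65536, h = 16384, stride;
    size_t bytes;

    printf("wrapped 32-bit size: %u\n", (unsigned)wrapped_size32(w, h));
    printf("65536x16384: %s\n",
           rgba_buffer_size(w, h, &stride, &bytes) == 0 ? "accepted" : "rejected");
    printf("800x600: %s\n",
           rgba_buffer_size(800, 600, &stride, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A check written after the multiplication on signed `int` values depends on undefined behaviour, which is why the guard here compares against `INT_MAX` divided by the other factor instead.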