user/atril: buffer overflow in tiff_document_render and tiff_document_get_thumbnail (#178) · Issues · Adélie Linux / Adélie Package Tree

user/atril: buffer overflow in tiff_document_render and tiff_document_get_thumbnail


Bugzilla ID	178
Alias(es)	CVE-2019-1010006
Reporter	Max Rees (sroracle)
Assignee	Max Rees (sroracle)
Reported	2019-08-13 16:55:28 -0500
Modified	2019-09-13 03:43:33 -0500
Status	RESOLVED FIXED
Version	1.0-BETA3
Hardware	Adélie Linux / All
Importance	--- / normal
URL	https://nvd.nist.gov/vuln/detail/CVE-2019-1010006
See also	https://bts.adelielinux.org/show_bug.cgi?id=148

Description

CVE-2019-1010006: https://nvd.nist.gov/vuln/detail/CVE-2019-1010006

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS /
Possible code execution. The component is:
backend/tiff/tiff-document.c. The attack vector is: Victim must open a
crafted PDF file. The issue occurs because of an incorrect integer
overflow protection mechanism in tiff_document_render and
tiff_document_get_thumbnail.

Unreleased fix: https://github.com/mate-desktop/atril/issues/386