CVE-2019-11459

Description

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.44%• Percentile: 63%

Techniques & Countermeasures

• CWE-754•Improper Check for Unusual or Exceptional Conditions

  The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

• CWE-908•Use of Uninitialized Resource

  The product uses or accesses a resource that has not been initialized.

Affected Systems

• canonical•ubuntu_linux

  16.04 | 18.04 | 18.10 | 19.04

• debian•debian_linux

  8.0 | 9.0 | 10.0

• fedoraproject•fedora

  29 | 30

• gnome•evince

  ≤ 3.32.0

• opensuse•leap

  15.0 | 15.1

• redhat•enterprise_linux

  8.0

• redhat•enterprise_linux_eus

  8.1 | 8.2 | 8.4 | 8.6

• redhat•enterprise_linux_server_aus

  8.2 | 8.4 | 8.6

• redhat•enterprise_linux_server_tus

  8.2 | 8.4 | 8.6

References (10)

• https://gitlab.gnome.org/GNOME/evince/issues/1129
• https://usn.ubuntu.com/3959-1/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html
• https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
• https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
• https://access.redhat.com/errata/RHSA-2019:3553
• https://www.debian.org/security/2020/dsa-4624
• https://seclists.org/bugtraq/2020/Feb/18