CVE-2019-11459 — MEDIUM (5.5)

Q: How severe is CVE-2019-11459?

CVE-2019-11459 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11459?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Evince, Canonical Ubuntu Linux, Fedoraproject Fedora, Debian Debian Linux, Redhat Enterprise Linux.

Vulnerability Description

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnome	Evince	<= 3.32.0
Canonical	Ubuntu Linux	16.04
Fedoraproject	Fedora	29
Debian	Debian Linux	8.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.2
Opensuse	Leap	15.0

Related Weaknesses (CWE)

CWE-754 CWE-908

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:3553Third Party Advisory
https://gitlab.gnome.org/GNOME/evince/issues/1129PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://seclists.org/bugtraq/2020/Feb/18Mailing ListThird Party Advisory
https://usn.ubuntu.com/3959-1/Third Party Advisory
https://www.debian.org/security/2020/dsa-4624Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:3553Third Party Advisory
https://gitlab.gnome.org/GNOME/evince/issues/1129PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2019-11459?

CVE-2019-11459 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to un...

How severe is CVE-2019-11459?

CVE-2019-11459 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11459?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Evince, Canonical Ubuntu Linux, Fedoraproject Fedora, Debian Debian Linux, Redhat Enterprise Linux.