CVE-2019-11459

Source
https://cve.org/CVERecord?id=CVE-2019-11459
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11459.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-11459
Published
2019-04-22T22:29:00.403Z
Modified
2026-04-16T01:39:38.449885220Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
[none]
Details

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "18.10"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "19.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "29"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "30"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "15.0"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "15.1"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.1"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.6"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.6"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.6"
                }
            ],
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"
        }
    ]
}
Affected packages

Git / github.com/gnome/evince

Affected ranges

Type
GIT
Repo
https://github.com/gnome/evince
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.32.0"
        }
    ],
    "cpe": "cpe:2.3:a:gnome:evince:*:*:*:*:*:*:*:*"
}

Affected versions

3.*
3.1.2
3.1.90
3.1.90.1
3.10.0
3.11.1
3.11.3
3.11.90
3.11.92
3.13.3
3.13.3.1
3.13.90
3.13.91
3.13.92
3.14.0
3.14.1
3.15.4
3.15.90
3.15.92
3.16.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.92
3.18.0
3.19.92
3.2.0
3.2.1
3.20.0
3.21.3
3.21.4
3.21.92
3.22.0
3.24.0
3.25.4
3.25.91
3.25.92
3.26.0
3.27.91
3.27.92
3.28.1
3.29.1
3.29.90
3.29.91
3.29.92
3.3.2
3.3.3
3.3.3.1
3.3.4
3.3.5
3.3.90
3.3.92
3.30.0
3.31.1
3.31.2
3.31.3
3.31.4
3.31.90
3.31.91
3.32.0
3.4.0
3.5.2
3.5.3
3.5.4
3.5.5
3.5.90
3.5.92
3.6.0
3.7.1
3.7.4
3.7.5
3.7.90
3.7.92
3.8.0
3.9.2
3.9.3
3.9.4
3.9.5
3.9.90

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11459.json"