OESA-2022-1550

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1550
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1550.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1550
Upstream
Published
2022-03-07T11:03:34Z
Modified
2025-08-12T05:04:07.236348Z
Summary
evince security update
Details

Evince is a document viewer for multiple document formats. The goal of evince is to replace the multiple document viewers that exist on the GNOME Desktop with a single simple application. Evince is specifically designed to support the file following formats: PDF, Postscript, djvu, tiff, dvi, XPS, SyncTex support with gedit, comics books (cbr,cbz,cb7 and cbt).

Security Fix(es):

The tiffdocumentrender() and tiffdocumentget_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.(CVE-2019-11459)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / evince

Package

Name
evince
Purl
pkg:rpm/openEuler/evince&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.30.1-4.oe1

Ecosystem specific 

{
    "src": [
        "evince-3.30.1-4.oe1.src.rpm"
    ],
    "x86_64": [
        "evince-debuginfo-3.30.1-4.oe1.x86_64.rpm",
        "evince-devel-3.30.1-4.oe1.x86_64.rpm",
        "evince-debugsource-3.30.1-4.oe1.x86_64.rpm",
        "evince-3.30.1-4.oe1.x86_64.rpm",
        "evince-help-3.30.1-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "evince-help-3.30.1-4.oe1.aarch64.rpm",
        "evince-3.30.1-4.oe1.aarch64.rpm",
        "evince-debuginfo-3.30.1-4.oe1.aarch64.rpm",
        "evince-devel-3.30.1-4.oe1.aarch64.rpm",
        "evince-debugsource-3.30.1-4.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / evince

Package

Name
evince
Purl
pkg:rpm/openEuler/evince&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.30.1-4.oe1

Ecosystem specific 

{
    "src": [
        "evince-3.30.1-4.oe1.src.rpm"
    ],
    "x86_64": [
        "evince-debuginfo-3.30.1-4.oe1.x86_64.rpm",
        "evince-help-3.30.1-4.oe1.x86_64.rpm",
        "evince-3.30.1-4.oe1.x86_64.rpm",
        "evince-devel-3.30.1-4.oe1.x86_64.rpm",
        "evince-debugsource-3.30.1-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "evince-devel-3.30.1-4.oe1.aarch64.rpm",
        "evince-debuginfo-3.30.1-4.oe1.aarch64.rpm",
        "evince-debugsource-3.30.1-4.oe1.aarch64.rpm",
        "evince-help-3.30.1-4.oe1.aarch64.rpm",
        "evince-3.30.1-4.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / evince

Package

Name
evince
Purl
pkg:rpm/openEuler/evince&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.30.1-4.oe1

Ecosystem specific 

{
    "src": [
        "evince-3.30.1-4.oe1.src.rpm"
    ],
    "x86_64": [
        "evince-help-3.30.1-4.oe1.x86_64.rpm",
        "evince-3.30.1-4.oe1.x86_64.rpm",
        "evince-debuginfo-3.30.1-4.oe1.x86_64.rpm",
        "evince-debugsource-3.30.1-4.oe1.x86_64.rpm",
        "evince-devel-3.30.1-4.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "evince-3.30.1-4.oe1.aarch64.rpm",
        "evince-help-3.30.1-4.oe1.aarch64.rpm",
        "evince-debugsource-3.30.1-4.oe1.aarch64.rpm",
        "evince-debuginfo-3.30.1-4.oe1.aarch64.rpm",
        "evince-devel-3.30.1-4.oe1.aarch64.rpm"
    ]
}