CVE-2013-3718
https://notcve.org/view.php?id=CVE-2013-3718
evince is missing a check on number of pages which can lead to a segmentation fault evince está careciendo de una comprobación en el número de páginas que puede conllevar a un fallo de segmentación • http://bugzilla.gnome.org/show_bug.cgi?id=701302 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718 https://security-tracker.debian.org/tracker/CVE-2013-3718 • CWE-20: Improper Input Validation •
CVE-2019-1010006
https://notcve.org/view.php?id=CVE-2019-1010006
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. • http://bugzilla.maptools.org/show_bug.cgi?id=2745 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html https://bugzilla.gnome.org/show_bug.cgi?id=788980 https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html https://seclists.org/bugtraq/2020/Feb/18 https://usn.ubuntu.com/4067-1 https://www.debian.org/security/2020/dsa-4624 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2019-11459 – evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
https://notcve.org/view.php?id=CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. Las funciones tiff_document_render() y tiff_document_get_thumbnail() en el backend de documentos TIFF en GNOME Evince hasta las versiones 3.32.0 no manejaron errores de TIFFReadRGBAImageOriented(), lo que llevó a un uso de memoria no inicializado cuando se procesaron ciertos archivos de imagen TIFF. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html https://access.redhat.com/errata/RHSA-2019:3553 https://gitlab.gnome.org/GNOME/evince/issues/1129 https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-125: Out-of-bounds Read CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVE-2017-1000159
https://notcve.org/view.php?id=CVE-2017-1000159
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. Inyección de comandos en evince mediante un nombre de archivo al imprimir a PDF. Esto afecta a versiones anteriores a la 3.25.91. • https://bugzilla.gnome.org/show_bug.cgi?id=784947 https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html https://seclists.org/bugtraq/2020/Feb/18 https://security.gentoo.org/glsa/201804-15 https://www.debian.org/security/2020/dsa-4624 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2017-1000083 – Evince 3.24.0 - Command Injection
https://notcve.org/view.php?id=CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. El archivo backend/comics/comics-document.c (también conocido como comic book backend) en versiones anteriores a la v3.24.1 de GNOME Evince permite que atacantes remotos ejecuten comandos arbitrarios utilizando un archivo .cbt, que es un archivo TAR que contiene un nombre de archivo que comienza con un substring de opción de línea de comandos "--". Esto ha sido demostrado con --checkpoint-action=exec=bash al principio del nombre de archivo. It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. • https://www.exploit-db.com/exploits/45824 https://www.exploit-db.com/exploits/46341 http://seclists.org/oss-sec/2017/q3/128 http://www.debian.org/security/2017/dsa-3911 http://www.securityfocus.com/bid/99597 https://access.redhat.com/errata/RHSA-2017:2388 https://bugzilla.gnome.org/show_bug.cgi?id=784630 https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee https://access.redhat.com/security/cve/CVE-2017-1000083 https://bugzilla.redhat.com/show_bug • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •