CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-3718
https://notcve.org/view.php?id=CVE-2013-3718
01 Nov 2019 — evince is missing a check on number of pages which can lead to a segmentation fault evince está careciendo de una comprobación en el número de páginas que puede conllevar a un fallo de segmentación • http://bugzilla.gnome.org/show_bug.cgi?id=701302 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 2CVE-2019-1010006 – Ubuntu Security Notice USN-4067-1
https://notcve.org/view.php?id=CVE-2019-1010006
15 Jul 2019 — Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. • http://bugzilla.maptools.org/show_bug.cgi?id=2745 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-11459 – evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
https://notcve.org/view.php?id=CVE-2019-11459
22 Apr 2019 — The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. Las funciones tiff_document_render() y tiff_document_get_thumbnail() en el backend de documentos TIFF en GNOME Evince hasta las versiones 3.32.0 no manejaron errores de TIFFReadRGBAImageOriented(), lo que llevó a un uso de memoria no inicializado ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html • CWE-125: Out-of-bounds Read CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000159 – Debian Security Advisory 4624-1
https://notcve.org/view.php?id=CVE-2017-1000159
27 Nov 2017 — Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. Inyección de comandos en evince mediante un nombre de archivo al imprimir a PDF. Esto afecta a versiones anteriores a la 3.25.91. It was discovered that Evince incorrectly handled printing certain DVI files. • https://bugzilla.gnome.org/show_bug.cgi?id=784947 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 78%CPEs: 16EXPL: 5CVE-2017-1000083 – Evince 3.24.0 - Command Injection
https://notcve.org/view.php?id=CVE-2017-1000083
14 Jul 2017 — backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. El archivo backend/comics/comics-document.c (también conocido como comic book backend) en versiones anteriores a la v3.24.1 de GNOME Evince permite que atacantes remoto... • https://packetstorm.news/files/id/150305 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 2%CPEs: 3EXPL: 0CVE-2011-0433 – t1lib: Heap-based buffer overflow DVI file AFM font parser
https://notcve.org/view.php?id=CVE-2011-0433
19 Nov 2012 — Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función linetoken en afmparse.c en t1lib, tal y como se utiliza en teTeX v3.0.x, GNOME Ev... • http://rhn.redhat.com/errata/RHSA-2012-1201.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2011-5244 – Gentoo Linux Security Advisory 201701-57
https://notcve.org/view.php?id=CVE-2011-5244
19 Nov 2012 — Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. Multiples errores off-by-one en las funciones (1) token y (2) linetoken en backend/dvi/MDVI-lib/afmpa... • http://git.gnome.org/browse/evince/commit/?id=439c5070022e • CWE-189: Numeric Errors •