Source: evince Version: 3.30.2-3 Severity: important Tags: security upstream Control: clone -1 -2 Control: reassign -2 src:atril 1.20.3-1 Control: retitle -2 atril: CVE-2019-11459: Uninitialized memory read Control: forwarded -1 https://gitlab.gnome.org/GNOME/evince/issues/1129
Hi, The following vulnerability was published for evince (and same issue in atril, thus cloning the bug). CVE-2019-11459[0]: | The tiff_document_render() and tiff_document_get_thumbnail() functions | in the TIFF document backend in GNOME Evince through 3.32.0 did not | handle errors from TIFFReadRGBAImageOriented(), leading to | uninitialized memory use when processing certain TIFF image files. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11459 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11459 [1] https://gitlab.gnome.org/GNOME/evince/issues/1129 Please adjust the affected versions in the BTS as needed. Regards, Salvatore

