Vulnerability Details : CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
Exploit prediction scoring system (EPSS) score for CVE-2019-11459
Probability of exploitation activity in the next 30 days: 0.40%
Percentile (the proportion of vulnerabilities scored at or below this one): ~70%
CVSS scores for CVE-2019-11459
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | [email protected] |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 | [email protected] |
CWE ids for CVE-2019-11459
- The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. Assigned by: [email protected] (Primary)
- The product uses or accesses a resource that has not been initialized. Assigned by: [email protected] (Primary)
References for CVE-2019-11459
- https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/ (Mailing List; Third Party Advisory)
- https://seclists.org/bugtraq/2020/Feb/18 (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4624 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:3553 (Third Party Advisory)
- https://gitlab.gnome.org/GNOME/evince/issues/1129 (Patch; Third Party Advisory)
- https://usn.ubuntu.com/3959-1/ (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/ (Mailing List; Third Party Advisory)
Products affected by CVE-2019-11459
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:evince:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*