Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for evince by gnome

    CVE-2013-3718 (GCVE-0-2013-3718)

    Vulnerability from nvd – Published: 2019-11-01 12:24 – Updated: 2024-08-06 16:21
    VLAI
    Summary
    evince is missing a check on number of pages which can lead to a segmentation fault
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:21:59.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-3718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugzilla.gnome.org/show_bug.cgi?id=701302"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "evince is missing a check on number of pages which can lead to a segmentation fault"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-01T12:24:33.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-3718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugzilla.gnome.org/show_bug.cgi?id=701302"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3718",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "evince is missing a check on number of pages which can lead to a segmentation fault"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-3718",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-3718"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718"
                },
                {
                  "name": "http://bugzilla.gnome.org/show_bug.cgi?id=701302",
                  "refsource": "MISC",
                  "url": "http://bugzilla.gnome.org/show_bug.cgi?id=701302"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3718",
        "datePublished": "2019-11-01T12:24:33.000Z",
        "dateReserved": "2013-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:21:59.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010006 (GCVE-0-2019-1010006)

    Vulnerability from nvd – Published: 2019-07-15 01:50 – Updated: 2024-08-05 03:07
    VLAI
    Summary
    Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Evince Team Evince Affected: 3.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.014Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=788980"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2745"
              },
              {
                "name": "USN-4067-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4067-1/"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
              },
              {
                "name": "openSUSE-SU-2019:1908",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html"
              },
              {
                "name": "DSA-4624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4624"
              },
              {
                "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Evince",
              "vendor": "Evince Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T06:06:07.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=788980"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2745"
            },
            {
              "name": "USN-4067-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4067-1/"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1908",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html"
            },
            {
              "name": "DSA-4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4624"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010006",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Evince",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.26.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Evince Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=788980",
                  "refsource": "MISC",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=788980"
                },
                {
                  "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2745",
                  "refsource": "MISC",
                  "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2745"
                },
                {
                  "name": "USN-4067-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4067-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
                },
                {
                  "name": "openSUSE-SU-2019:1908",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html"
                },
                {
                  "name": "DSA-4624",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4624"
                },
                {
                  "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010006",
        "datePublished": "2019-07-15T01:50:17.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11459 (GCVE-0-2019-11459)

    Vulnerability from nvd – Published: 2019-04-22 20:26 – Updated: 2024-08-04 22:55
    VLAI
    Summary
    The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://gitlab.gnome.org/GNOME/evince/issues/1129 x_refsource_MISC
    https://usn.ubuntu.com/3959-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:3553 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2020/dsa-4624 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/18 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:55:40.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/evince/issues/1129"
              },
              {
                "name": "USN-3959-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3959-1/"
              },
              {
                "name": "FEDORA-2019-6316c0663e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/"
              },
              {
                "name": "FEDORA-2019-ff2b5b5b47",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/"
              },
              {
                "name": "openSUSE-SU-2019:1667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
              },
              {
                "name": "RHSA-2019:3553",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3553"
              },
              {
                "name": "DSA-4624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4624"
              },
              {
                "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T06:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/evince/issues/1129"
            },
            {
              "name": "USN-3959-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3959-1/"
            },
            {
              "name": "FEDORA-2019-6316c0663e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/"
            },
            {
              "name": "FEDORA-2019-ff2b5b5b47",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/"
            },
            {
              "name": "openSUSE-SU-2019:1667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
            },
            {
              "name": "RHSA-2019:3553",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3553"
            },
            {
              "name": "DSA-4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4624"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.gnome.org/GNOME/evince/issues/1129",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/evince/issues/1129"
                },
                {
                  "name": "USN-3959-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3959-1/"
                },
                {
                  "name": "FEDORA-2019-6316c0663e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/"
                },
                {
                  "name": "FEDORA-2019-ff2b5b5b47",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/"
                },
                {
                  "name": "openSUSE-SU-2019:1667",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
                },
                {
                  "name": "RHSA-2019:3553",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3553"
                },
                {
                  "name": "DSA-4624",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4624"
                },
                {
                  "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11459",
        "datePublished": "2019-04-22T20:26:32.000Z",
        "dateReserved": "2019-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:55:40.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000159 (GCVE-0-2017-1000159)

    Vulnerability from nvd – Published: 2017-11-27 15:00 – Updated: 2024-08-05 21:53
    VLAI
    Summary
    Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201804-15 vendor-advisoryx_refsource_GENTOO
    https://lists.debian.org/debian-lts-announce/2017… mailing-listx_refsource_MLIST
    https://bugzilla.gnome.org/show_bug.cgi?id=784947 x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2020/dsa-4624 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/18 mailing-listx_refsource_BUGTRAQ
    Date Public
    2017-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:53:07.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201804-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201804-15"
              },
              {
                "name": "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784947"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
              },
              {
                "name": "DSA-4624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4624"
              },
              {
                "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-08-22T00:00:00.000Z",
          "datePublic": "2017-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T06:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201804-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201804-15"
            },
            {
              "name": "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784947"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
            },
            {
              "name": "DSA-4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4624"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-08-22T17:29:33.371820",
              "ID": "CVE-2017-1000159",
              "REQUESTER": "hanno@hboeck.de",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201804-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201804-15"
                },
                {
                  "name": "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=784947",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784947"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
                },
                {
                  "name": "DSA-4624",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4624"
                },
                {
                  "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000159",
        "datePublished": "2017-11-27T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:53:07.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000083 (GCVE-0-2017-1000083)

    Vulnerability from nvd – Published: 2017-09-05 06:00 – Updated: 2024-08-05 21:53
    VLAI
    Summary
    backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:53:06.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46341",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46341/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2017/q3/128"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630"
              },
              {
                "name": "99597",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99597"
              },
              {
                "name": "RHSA-2017:2388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2388"
              },
              {
                "name": "DSA-3911",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3911"
              },
              {
                "name": "45824",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45824/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-07-10T00:00:00.000Z",
          "datePublic": "2017-09-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-12T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46341",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46341/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/oss-sec/2017/q3/128"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630"
            },
            {
              "name": "99597",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99597"
            },
            {
              "name": "RHSA-2017:2388",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2388"
            },
            {
              "name": "DSA-3911",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3911"
            },
            {
              "name": "45824",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45824/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-07-10",
              "ID": "CVE-2017-1000083",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46341",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46341/"
                },
                {
                  "name": "http://seclists.org/oss-sec/2017/q3/128",
                  "refsource": "MISC",
                  "url": "http://seclists.org/oss-sec/2017/q3/128"
                },
                {
                  "name": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee",
                  "refsource": "MISC",
                  "url": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=784630",
                  "refsource": "MISC",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630"
                },
                {
                  "name": "99597",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99597"
                },
                {
                  "name": "RHSA-2017:2388",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2388"
                },
                {
                  "name": "DSA-3911",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3911"
                },
                {
                  "name": "45824",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45824/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000083",
        "datePublished": "2017-09-05T06:00:00.000Z",
        "dateReserved": "2017-07-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:53:06.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5244 (GCVE-0-2011-5244)

    Vulnerability from nvd – Published: 2012-11-19 11:00 – Updated: 2024-08-07 00:30
    VLAI
    Summary
    Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
              },
              {
                "name": "evince-token-code-exec(80271)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
              },
              {
                "name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
              },
              {
                "name": "GLSA-201701-57",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-57"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
            },
            {
              "name": "evince-token-code-exec(80271)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
            },
            {
              "name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
            },
            {
              "name": "GLSA-201701-57",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-57"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=643882",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
                },
                {
                  "name": "evince-token-code-exec(80271)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
                },
                {
                  "name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"
                },
                {
                  "name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010",
                  "refsource": "MISC",
                  "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
                },
                {
                  "name": "GLSA-201701-57",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-57"
                },
                {
                  "name": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e",
                  "refsource": "MISC",
                  "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5244",
        "datePublished": "2012-11-19T11:00:00.000Z",
        "dateReserved": "2012-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:30:46.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0433 (GCVE-0-2011-0433)

    Vulnerability from nvd – Published: 2012-11-19 11:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679732"
              },
              {
                "name": "48985",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48985"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/"
              },
              {
                "name": "RHSA-2012:1201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=640923"
              },
              {
                "name": "MDVSA-2012:144",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
              },
              {
                "name": "GLSA-201701-57",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-57"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679732"
            },
            {
              "name": "48985",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48985"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/"
            },
            {
              "name": "RHSA-2012:1201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=640923"
            },
            {
              "name": "MDVSA-2012:144",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
            },
            {
              "name": "GLSA-201701-57",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-57"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0433",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=679732",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679732"
                },
                {
                  "name": "48985",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48985"
                },
                {
                  "name": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/",
                  "refsource": "MISC",
                  "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/"
                },
                {
                  "name": "RHSA-2012:1201",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=640923",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=640923"
                },
                {
                  "name": "MDVSA-2012:144",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
                },
                {
                  "name": "GLSA-201701-57",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-57"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0433",
        "datePublished": "2012-11-19T11:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3718 (GCVE-0-2013-3718)

    Vulnerability from cvelistv5 – Published: 2019-11-01 12:24 – Updated: 2024-08-06 16:21
    VLAI
    Summary
    evince is missing a check on number of pages which can lead to a segmentation fault
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:21:59.657Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-3718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugzilla.gnome.org/show_bug.cgi?id=701302"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "evince is missing a check on number of pages which can lead to a segmentation fault"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-01T12:24:33.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-3718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugzilla.gnome.org/show_bug.cgi?id=701302"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3718",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "evince is missing a check on number of pages which can lead to a segmentation fault"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-3718",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-3718"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3718"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-3718"
                },
                {
                  "name": "http://bugzilla.gnome.org/show_bug.cgi?id=701302",
                  "refsource": "MISC",
                  "url": "http://bugzilla.gnome.org/show_bug.cgi?id=701302"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3718",
        "datePublished": "2019-11-01T12:24:33.000Z",
        "dateReserved": "2013-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:21:59.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010006 (GCVE-0-2019-1010006)

    Vulnerability from cvelistv5 – Published: 2019-07-15 01:50 – Updated: 2024-08-05 03:07
    VLAI
    Summary
    Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    dwf
    References
    Impacted products
    Vendor Product Version
    Evince Team Evince Affected: 3.26.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.014Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=788980"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2745"
              },
              {
                "name": "USN-4067-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4067-1/"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
              },
              {
                "name": "openSUSE-SU-2019:1908",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html"
              },
              {
                "name": "DSA-4624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4624"
              },
              {
                "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Evince",
              "vendor": "Evince Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T06:06:07.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=788980"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2745"
            },
            {
              "name": "USN-4067-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4067-1/"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1908",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html"
            },
            {
              "name": "DSA-4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4624"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010006",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Evince",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.26.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Evince Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=788980",
                  "refsource": "MISC",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=788980"
                },
                {
                  "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2745",
                  "refsource": "MISC",
                  "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2745"
                },
                {
                  "name": "USN-4067-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4067-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
                },
                {
                  "name": "openSUSE-SU-2019:1908",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00046.html"
                },
                {
                  "name": "DSA-4624",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4624"
                },
                {
                  "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010006",
        "datePublished": "2019-07-15T01:50:17.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11459 (GCVE-0-2019-11459)

    Vulnerability from cvelistv5 – Published: 2019-04-22 20:26 – Updated: 2024-08-04 22:55
    VLAI
    Summary
    The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://gitlab.gnome.org/GNOME/evince/issues/1129 x_refsource_MISC
    https://usn.ubuntu.com/3959-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:3553 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2020/dsa-4624 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/18 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:55:40.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/evince/issues/1129"
              },
              {
                "name": "USN-3959-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3959-1/"
              },
              {
                "name": "FEDORA-2019-6316c0663e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/"
              },
              {
                "name": "FEDORA-2019-ff2b5b5b47",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/"
              },
              {
                "name": "openSUSE-SU-2019:1667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
              },
              {
                "name": "RHSA-2019:3553",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3553"
              },
              {
                "name": "DSA-4624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4624"
              },
              {
                "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T06:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/evince/issues/1129"
            },
            {
              "name": "USN-3959-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3959-1/"
            },
            {
              "name": "FEDORA-2019-6316c0663e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/"
            },
            {
              "name": "FEDORA-2019-ff2b5b5b47",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/"
            },
            {
              "name": "openSUSE-SU-2019:1667",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
            },
            {
              "name": "RHSA-2019:3553",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3553"
            },
            {
              "name": "DSA-4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4624"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.gnome.org/GNOME/evince/issues/1129",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/evince/issues/1129"
                },
                {
                  "name": "USN-3959-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3959-1/"
                },
                {
                  "name": "FEDORA-2019-6316c0663e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/"
                },
                {
                  "name": "FEDORA-2019-ff2b5b5b47",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/"
                },
                {
                  "name": "openSUSE-SU-2019:1667",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
                },
                {
                  "name": "RHSA-2019:3553",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3553"
                },
                {
                  "name": "DSA-4624",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4624"
                },
                {
                  "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11459",
        "datePublished": "2019-04-22T20:26:32.000Z",
        "dateReserved": "2019-04-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:55:40.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000159 (GCVE-0-2017-1000159)

    Vulnerability from cvelistv5 – Published: 2017-11-27 15:00 – Updated: 2024-08-05 21:53
    VLAI
    Summary
    Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201804-15 vendor-advisoryx_refsource_GENTOO
    https://lists.debian.org/debian-lts-announce/2017… mailing-listx_refsource_MLIST
    https://bugzilla.gnome.org/show_bug.cgi?id=784947 x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://www.debian.org/security/2020/dsa-4624 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/18 mailing-listx_refsource_BUGTRAQ
    Date Public
    2017-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:53:07.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201804-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201804-15"
              },
              {
                "name": "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784947"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
              },
              {
                "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
              },
              {
                "name": "DSA-4624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4624"
              },
              {
                "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-08-22T00:00:00.000Z",
          "datePublic": "2017-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T06:06:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-201804-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201804-15"
            },
            {
              "name": "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784947"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
            },
            {
              "name": "DSA-4624",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4624"
            },
            {
              "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-08-22T17:29:33.371820",
              "ID": "CVE-2017-1000159",
              "REQUESTER": "hanno@hboeck.de",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201804-15",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201804-15"
                },
                {
                  "name": "[debian-lts-announce] 20171211 [SECURITY] [DLA 1204-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=784947",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784947"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1881-1] evince security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"
                },
                {
                  "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1882-1] atril security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"
                },
                {
                  "name": "DSA-4624",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4624"
                },
                {
                  "name": "20200216 [SECURITY] [DSA 4624-1] evince security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000159",
        "datePublished": "2017-11-27T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:53:07.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000083 (GCVE-0-2017-1000083)

    Vulnerability from cvelistv5 – Published: 2017-09-05 06:00 – Updated: 2024-08-05 21:53
    VLAI
    Summary
    backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-09-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:53:06.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46341",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46341/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2017/q3/128"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630"
              },
              {
                "name": "99597",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99597"
              },
              {
                "name": "RHSA-2017:2388",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2388"
              },
              {
                "name": "DSA-3911",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3911"
              },
              {
                "name": "45824",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45824/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2017-07-10T00:00:00.000Z",
          "datePublic": "2017-09-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-12T10:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46341",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46341/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/oss-sec/2017/q3/128"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630"
            },
            {
              "name": "99597",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99597"
            },
            {
              "name": "RHSA-2017:2388",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2388"
            },
            {
              "name": "DSA-3911",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3911"
            },
            {
              "name": "45824",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45824/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2017-07-10",
              "ID": "CVE-2017-1000083",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46341",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46341/"
                },
                {
                  "name": "http://seclists.org/oss-sec/2017/q3/128",
                  "refsource": "MISC",
                  "url": "http://seclists.org/oss-sec/2017/q3/128"
                },
                {
                  "name": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee",
                  "refsource": "MISC",
                  "url": "https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=784630",
                  "refsource": "MISC",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=784630"
                },
                {
                  "name": "99597",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99597"
                },
                {
                  "name": "RHSA-2017:2388",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2388"
                },
                {
                  "name": "DSA-3911",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3911"
                },
                {
                  "name": "45824",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45824/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000083",
        "datePublished": "2017-09-05T06:00:00.000Z",
        "dateReserved": "2017-07-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:53:06.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0433 (GCVE-0-2011-0433)

    Vulnerability from cvelistv5 – Published: 2012-11-19 11:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679732"
              },
              {
                "name": "48985",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48985"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/"
              },
              {
                "name": "RHSA-2012:1201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=640923"
              },
              {
                "name": "MDVSA-2012:144",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
              },
              {
                "name": "GLSA-201701-57",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-57"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-30T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679732"
            },
            {
              "name": "48985",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48985"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/"
            },
            {
              "name": "RHSA-2012:1201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=640923"
            },
            {
              "name": "MDVSA-2012:144",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
            },
            {
              "name": "GLSA-201701-57",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-57"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0433",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=679732",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679732"
                },
                {
                  "name": "48985",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48985"
                },
                {
                  "name": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/",
                  "refsource": "MISC",
                  "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/"
                },
                {
                  "name": "RHSA-2012:1201",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=640923",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=640923"
                },
                {
                  "name": "MDVSA-2012:144",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
                },
                {
                  "name": "GLSA-201701-57",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-57"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0433",
        "datePublished": "2012-11-19T11:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5244 (GCVE-0-2011-5244)

    Vulnerability from cvelistv5 – Published: 2012-11-19 11:00 – Updated: 2024-08-07 00:30
    VLAI
    Summary
    Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
              },
              {
                "name": "evince-token-code-exec(80271)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
              },
              {
                "name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
              },
              {
                "name": "GLSA-201701-57",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-57"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
            },
            {
              "name": "evince-token-code-exec(80271)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
            },
            {
              "name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
            },
            {
              "name": "GLSA-201701-57",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-57"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=643882",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=643882"
                },
                {
                  "name": "evince-token-code-exec(80271)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80271"
                },
                {
                  "name": "[oss-security] 20110304 Re: Re: CVE request: More Evince overflows",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/03/04/21"
                },
                {
                  "name": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010",
                  "refsource": "MISC",
                  "url": "http://git.gnome.org/browse/evince/commit/?id=d4139205b010"
                },
                {
                  "name": "GLSA-201701-57",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-57"
                },
                {
                  "name": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e",
                  "refsource": "MISC",
                  "url": "http://git.gnome.org/browse/evince/commit/?id=439c5070022e"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5244",
        "datePublished": "2012-11-19T11:00:00.000Z",
        "dateReserved": "2012-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:30:46.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }