{"id":"CVE-2019-11459","details":"The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.","modified":"2026-05-18T05:50:35.010241164Z","published":"2019-04-22T22:29:00.403Z","related":["ALSA-2019:3553","SUSE-SU-2019:14141-1","SUSE-SU-2019:1648-1","SUSE-SU-2019:2080-1","SUSE-SU-2019:2080-2","SUSE-SU-2019:2098-1","openSUSE-SU-2019:1667-1","openSUSE-SU-2024:10742-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"18.10"},{"last_affected":"19.04"}],"vendor_product":"canonical:ubuntu_linux"},{"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"},{"last_affected":"10.0"}],"vendor_product":"debian:debian_linux"},{"cpes":["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"29"},{"last_affected":"30"}],"vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0"},{"last_affected":"15.1"}],"vendor_product":"opensuse:leap"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"vendor_product":"redhat:enterprise_linux"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.1"},{"last_affected":"8.2"},{"last_affected":"8.4"},{"last_affected":"8.6"}],"vendor_product":"redhat:enterprise_linux_eus"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.2"},{"last_affected":"8.4"},{"last_affected":"8.6"}],"vendor_product":"redhat:enterprise_linux_server_aus"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.2"},{"last_affected":"8.4"},{"last_affected":"8.6"}],"vendor_product":"redhat:enterprise_linux_server_tus"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ6R7NMY44IHIQIY24CV3WV2GLGJPQPZ/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3553"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2020/Feb/18"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3959-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4624"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/evince/issues/1129"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/evince","events":[{"introduced":"0"},{"last_affected":"10da4bcec1cdd535a267e4b8e971668a47f0138b"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"3.32.0"}],"cpe":"cpe:2.3:a:gnome:evince:*:*:*:*:*:*:*:*"}}],"versions":["3.32.0","3.31.91","3.31.90","3.31.4","3.31.3","3.31.2","3.31.1","3.30.0","3.29.92","3.29.91","3.29.90","3.29.1","3.28.1","3.27.92","3.27.91","3.26.0","3.25.92","3.25.91","3.25.4","3.24.0","3.22.0","3.21.92","3.21.4","3.21.3","3.20.0","3.19.92","3.18.0","3.17.92","3.17.4","3.17.3","3.17.2","3.17.1","3.16.0","3.15.92","3.15.90","3.15.4","3.14.1","3.14.0","3.13.92","3.13.91","3.13.90","3.13.3.1","3.13.3","3.11.92","3.11.90","3.11.3","3.11.1","3.10.0","3.9.90","3.9.5","3.9.4","3.9.3","3.9.2","3.8.0","3.7.92","3.7.90","3.7.5","3.7.4","3.7.1","3.6.0","3.5.92","3.5.90","3.5.5","3.5.4","3.5.3","3.5.2","3.4.0","3.3.92","3.3.90","3.3.5","3.3.4","3.3.3.1","3.3.3","3.3.2","3.2.1","3.2.0","3.1.90.1","3.1.90","3.1.2","EVINCE_3_0_0","EVINCE_2_91_93","EVINCE_2_91_92","EVINCE_2_91_90","EVINCE_2_91_6","EVINCE_2_91_5","EVINCE_2_91_4","EVINCE_2_91_3","EVINCE_2_91_2","EVINCE_2_91_1","EVINCE_2_91_0","EVINCE_2_31_90","EVINCE_2_31_6_1","EVINCE_2_31_6","EVINCE_2_31_5","EVINCE_2_31_4_1","EVINCE_2_31_4","EVINCE_2_31_3","EVINCE_2_31_2","EVINCE_2_31_1","EVINCE_2_30_0","EVINCE_2_29_92","EVINCE_2_29_91","EVINCE_2_29_5","EVINCE_2_29_4","EVINCE_2_29_3","EVINCE_2_29_2","EVINCE_2_29_1","EVINCE_2_27_90","EVINCE_2_27_4","EVINCE_2_27_3","EVINCE_2_27_1","EVINCE_2_26_0","EVINCE_2_25_92","EVINCE_2_25_91","EVINCE_2_25_90","EVINCE_2_25_5","EVINCE_2_25_4","EVINCE_2_25_2","EVINCE_2_25_1","EVINCE_2_24_1","EVINCE_2_24_0","EVINCE_2_23_92","EVINCE_2_23_91","EVINCE_2_23_5","EVINCE_2_23_4","EVINCE_2_22_1_1","EVINCE_2_22_1","EVINCE_2_22_0","EVINCE_2_21_91","EVINCE_2_21_90","EVINCE_2_21_1","EVINCE_2_20_0","EVINCE_2_19_92","EVINCE_2_19_4","EVINCE_0_9_3","EVINCE_0_9_2","EVINCE_0_9_1","EVINCE_0_9_0","EVINCE_0_8_1","EVINCE_0_8_0","EVINCE_0_7_2","EVINCE_0_7_1","EVINCE_0_7_0","GNOME_2_16_BRANCHPOINT","EVINCE_0_6_1","EVINCE_0_6_0","EVINCE_0_5_5","EVINCE_0_5_4","EVINCE_0_5_3","GNOME_2_14_BRANCHPOINT","EVINCE_0_5_2","EVINCE_0_5_1","EVINCE_0_5_0","GNOME_2_12_BRANCHPOINT","EVINCE_0_4_0","EVINCE_0_3_3","EVINCE_0_3_1","EVINCE_0_3_0","EVINCE_0_2_1","EVINCE_0_2_0","EVINCE_0_1_9","EVINCE_0_1_8","EVINCE_0_1_7","EVINCE_0_1_6","EVINCE_0_1_5","EVINCE_0_1_4","EVINCE_0_1_3","EVINCE_0_1_1","EVINCE_0_1_0","start","GPDF_2_9_1","GPDF_2_8_1","GNOME_2_8_ANCHOR","GPDF_2_8_0","GPDF_2_7_91","GPDF_MODES_ANCHOR","GPDF_2_7_90","GPDF_2_7_2","GPDF_2_7_1","XPDF_3_00","XPDF_2_03","BEFORE_XPDF_3_MERGE","GPDF_0_131","GPDF_0_130","GPDF_0_125","GPDF_0_124","GPDF_0_123","GNOME_2_6_ANCHOR","GPDF_0_122","GPDF_0_121","GPDF_0_120","GPDF_0_112_1","GPDF_0_112","GPDF_0_111","GNOME_2_4_ANCHOR","GPDF_0_110","GPDF_0_106","GPDF_0_105","GPDF_OUTLINES_ANCHOR","GPDF_0_104","GPDF_0_103","GPDF_0_102","GPDF_0_101","GPDF_0_100","XPDF_2_02","XPDF_2_01","XPDF_2_00","XPDF_1_01","BEFORE_GNOME_PRINT","GPDF_FOR_GNOME_1_4","BONOBO_BEFORE_API_RENAME","BEFORE_NEW_UI_HANDLER_1","EAZEL-NAUTILUS-MS-AUG07","EAZEL-NAUTILUS-MS-JULY_5","nautilus_ms_may_31","ChangeLog","XPDF_0_80"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11459.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}