CVE-2019-11459

Name	CVE-2019-11459
Description	The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1881-1, DLA-1882-1, DSA-4624-1
Debian Bugs	927820, 927821

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
atril (PTS)	jessie, jessie (lts)	1.8.1+dfsg1-4+deb8u2	fixed
	stretch	1.16.1-2+deb9u2	fixed
	stretch (security), stretch (lts)	1.16.1-2+deb9u1	vulnerable
	buster (security), buster, buster (lts)	1.20.3-1+deb10u2	fixed
	bullseye (security), bullseye	1.24.0-1+deb11u1	fixed
	bookworm (security), bookworm	1.26.0-2+deb12u3	fixed
	sid	1.26.2-3	fixed
evince (PTS)	jessie, jessie (lts)	3.14.1-2+deb8u3	fixed
	stretch (security)	3.22.1-3+deb9u2	fixed
	stretch (lts), stretch	3.22.1-3+deb9u3	fixed
	buster (security), buster, buster (lts)	3.30.2-3+deb10u1	fixed
	bullseye	3.38.2-1	fixed
	bookworm	43.1-2	fixed
	sid, trixie	46.3.1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
atril	source	jessie	1.8.1+dfsg1-4+deb8u2		DLA-1882-1
atril	source	stretch	1.16.1-2+deb9u2
atril	source	buster	1.20.3-1+deb10u1
atril	source	(unstable)	1.22.3-1	unimportant		927821
evince	source	wheezy	(unfixed)	end-of-life
evince	source	jessie	3.14.1-2+deb8u3		DLA-1881-1
evince	source	stretch	3.22.1-3+deb9u2		DSA-4624-1
evince	source	buster	3.30.2-3+deb10u1
evince	source	(unstable)	3.32.0-3	unimportant		927820

Notes

https://gitlab.gnome.org/GNOME/evince/issues/1129
Fixed by: https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7
Negligible security impact