Several vulnerabilities were discovered in evince.
Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames.
Andy Nguyen reported that the tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend did not handle errors from TIFFReadRGBAImageOriented(), leading to disclosure of uninitialized memory when processing TIFF image files.
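The error-handling pattern behind the TIFF issue above, as an added example that is not evince's code: `decode_rgba()` is a hypothetical stand-in for `TIFFReadRGBAImageOriented()` (which returns 1 on success and 0 on failure), and `alloc_stale()`, `render_unchecked()` and `render_checked()` are names invented here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in decoder: 1 on success, 0 on failure (raster untouched). */
static int decode_rgba(int input_ok, size_t n, uint32_t *raster)
{
    if (!input_ok)
        return 0;
    for (size_t i = 0; i < n; i++)
        raster[i] = 0xFF000000u;   /* opaque black pixel */
    return 1;
}

/* Constructed for the demo: 0xAA fill makes stale heap contents deterministic. */
static uint32_t *alloc_stale(size_t n)
{
    uint32_t *p = malloc(n * sizeof *p);
    if (p)
        memset(p, 0xAA, n * sizeof *p);
    return p;
}

/* Unchecked: the decoder result is dropped, so a failed decode returns stale bytes. */
uint32_t *render_unchecked(int input_ok, size_t n)
{
    uint32_t *pixels = alloc_stale(n);
    if (pixels)
        (void)decode_rgba(input_ok, n, pixels);
    return pixels;
}

/* Checked: a failed decode frees the buffer and reports the error as NULL. */
uint32_t *render_checked(int input_ok, size_t n)
{
    uint32_t *pixels = alloc_stale(n);
    if (pixels && !decode_rgba(input_ok, n, pixels)) {
        free(pixels);
        pixels = NULL;
    }
    return pixels;
}

int main(void)
{
    uint32_t *bad = render_unchecked(0, 4);
    printf("unchecked: %08x  checked: %p\n", bad ? (unsigned)bad[0] : 0u, (void *)render_checked(0, 4));
    free(bad);
    return 0;
}
```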
A buffer overflow vulnerability in the TIFF backend could lead to denial of service, or potentially the execution of arbitrary code if a specially crafted PDF file is opened.
For the oldstable distribution (stretch), these problems have been fixed in version 3.22.1-3+deb9u2.
For the stable distribution (buster), these problems have been fixed in version 3.30.2-3+deb10u1. The stable distribution is only affected by CVE-2019-11459.
We recommend that you upgrade your evince packages.
For the detailed security status of evince, please refer to its security tracker page at: https://security-tracker.debian.org/tracker/evince