The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
CVSS Score
5.5
EPSS Score
0.005
Published
2019-04-22
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-27
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
CVSS Score
7.8
EPSS Score
0.781
Published
2017-09-05