evince
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Document viewer (PDF, PostScript, XPS, djvu, dvi, tiff, cbr, cbz, cb7, cbt) |
| Version | 1:48.1-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-348 | 3.24.0+8+ga8363215-1 | 3.24.0+12+g717df38f-1 | Critical | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-1000083 | AVG-348 | Critical | Yes | Arbitrary command execution | The comic book backend in evince <= 3.24.0 is vulnerable to a command injection bug that can be used to execute arbitrary commands when a cbt file is... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 14 Jul 2017 | ASA-201707-14 | AVG-348 | Critical | arbitrary command execution |