evince

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Document viewer (PDF, Postscript, djvu, tiff, dvi, XPS, SyncTex support with gedit, comics books (cbr,cbz,cb7 and cbt))
Version 3.28.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-348 3.24.0+8+ga8363215-1 3.24.0+12+g717df38f-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2017-1000083 AVG-348 Critical Yes Arbitrary command execution
The comic book backend in evince <= 3.24.0 is vulnerable to a command injection bug that can be used to execute arbitrary commands when a cbt file is...

Advisories

Date Advisory Group Severity Description
14 Jul 2017 ASA-201707-14 AVG-348 Critical arbitrary command execution