7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.142 Low
EPSS
Percentile
95.7%
CentOS Errata and Security Advisory CESA-2017:2388
The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.
Security Fix(es):
Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030924.html
Affected packages:
evince
evince-browser-plugin
evince-devel
evince-dvi
evince-libs
evince-nautilus
Upstream details at:
https://access.redhat.com/errata/RHSA-2017:2388
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | evince | < 3.22.1-5.2.el7_4 | evince-3.22.1-5.2.el7_4.x86_64.rpm |
CentOS | 7 | x86_64 | evince-browser-plugin | < 3.22.1-5.2.el7_4 | evince-browser-plugin-3.22.1-5.2.el7_4.x86_64.rpm |
CentOS | 7 | i686 | evince-devel | < 3.22.1-5.2.el7_4 | evince-devel-3.22.1-5.2.el7_4.i686.rpm |
CentOS | 7 | x86_64 | evince-devel | < 3.22.1-5.2.el7_4 | evince-devel-3.22.1-5.2.el7_4.x86_64.rpm |
CentOS | 7 | x86_64 | evince-dvi | < 3.22.1-5.2.el7_4 | evince-dvi-3.22.1-5.2.el7_4.x86_64.rpm |
CentOS | 7 | i686 | evince-libs | < 3.22.1-5.2.el7_4 | evince-libs-3.22.1-5.2.el7_4.i686.rpm |
CentOS | 7 | x86_64 | evince-libs | < 3.22.1-5.2.el7_4 | evince-libs-3.22.1-5.2.el7_4.x86_64.rpm |
CentOS | 7 | x86_64 | evince-nautilus | < 3.22.1-5.2.el7_4 | evince-nautilus-3.22.1-5.2.el7_4.x86_64.rpm |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.142 Low
EPSS
Percentile
95.7%