Lucene search
K

42 matches found

RedHat Linux
RedHat Linux
added 2026/06/30 6:58 a.m.6 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2026/06/29 5:50 p.m.7 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2026/06/24 1:9 p.m.5 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2026/06/24 1:9 p.m.8 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 12:3 p.m.7 views

RLSA-2026:27819 Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

7.8CVSS5.9AI score0.00529EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/06/24 12:3 p.m.9 views

evince security update

An update is available for evince. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The evince packages provide a simple multi-page document viewer for Portable...

8.4CVSS5.9AI score0.00529EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/06/22 11:15 a.m.5 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
OSV
OSV
added 2026/06/15 3:56 p.m.9 views

MGASA-2026-0209 Updated evince, atril & xreader packages fix security vulnerability

Evince/Atril/Xreader command injection. CVE-2026-46529...

8.4CVSS5.3AI score0.00529EPSS
Exploits1References3
Mageia
Mageia
added 2026/06/15 3:56 p.m.14 views

Updated evince, atril & xreader packages fix security vulnerability

Evince/Atril/Xreader command injection. CVE-2026-46529...

8.4CVSS5.2AI score0.00529EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/11 4:27 p.m.10 views

CVE-2026-46529

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.4AI score0.00529EPSS
Exploits1References11
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

5.5AI score0.00529EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: atril

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 Affected Packages: atril Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visi...

8.4CVSS5.5AI score0.00529EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2023 : papers, papers-devel, papers-libs (ALAS2023-2026-1782)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1782 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue...

8.4CVSS5.6AI score0.00529EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2026/06/05 2:4 p.m.9 views

Security update for evince

This update for evince fixes the following issue CVE-2026-46529: Evince/Atril/Xreader command injection bsc1265880. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...

7.5CVSS5.4AI score0.00529EPSS
Exploits1References4
OSV
OSV
added 2026/06/05 2:3 p.m.8 views

SUSE-SU-2026:2288-1 Security update for evince

This update for evince fixes the following issue - CVE-2026-46529: Evince/Atril/Xreader command injection bsc1265880...

8.4CVSS5.4AI score0.00529EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-42169

Name of the Vulnerable Software and Affected Versions Atril versions prior to 1.26.3 Atril versions prior to 1.28.4 Evince versions prior to 48.4 Xreader versions prior to 4.6.4 Xreader versions prior to 3.6.7 Papers affected versions not specified Description A command injection issue exists in...

8.4CVSS6.4AI score0.00529EPSS
Exploits1References56
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:16 a.m.4 views

CVE-2023-44452

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8CVSS6.3AI score0.01274EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/05/03 3:16 a.m.24 views

CVE-2023-44451

Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS8AI score0.0177EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:16 a.m.33 views

CVE-2023-44451

Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS6.2AI score0.0177EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/05/03 3:16 a.m.36 views

CVE-2023-44452

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visi...

7.8CVSS8.1AI score0.01274EPSS
Exploits1References2
Rows per page
Query Builder