133 matches found
atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
ALSA-2026:28998 Important: evince security update
The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...
OPENSUSE-SU-2026:21152-1 Security update for atril
This update for atril fixes the following issues: Changes in atril: - Update to version 1.28.4 bsc1265880 CVE-2026-46519: Build fixes Fix tests imported from XReader Fix tests with AT-SPI2 = 2.53 Improve search system pdf: Always use popplerdocumentsave to avoid data loss Use properties for...
atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
Debian dsa-6349 : atril - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6349 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 [email protected] https://www.debian.org/security/...
[SECURITY] [DSA 6349-1] atril security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2026 https://www.debian.org/security/faq -...
[SECURITY] [DLA 4632-1] atril security update
Debian LTS Advisory DLA-4632-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson June 16, 2026 https://wiki.debian.org/LTS Package : atril Version : 1.26.0-2+deb12u4 CVE ID : CVE-2026-46529 Debian Bug : 1139874 It was discovered that atril, a simple multi-page...
Debian dla-4632 : atril - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4632 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4632-1 [email protected] https://www.debian.org/lts/security/...
Updated evince, atril & xreader packages fix security vulnerability
Evince/Atril/Xreader command injection. CVE-2026-46529...
MGASA-2026-0209 Updated evince, atril & xreader packages fix security vulnerability
Evince/Atril/Xreader command injection. CVE-2026-46529...
CVE-2026-46529
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
CVE-2026-46529
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
CVE-2026-46529
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
CVE-2026-46529
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
CVE-2026-46529
Technical details such as affected versions, impact, and remediation are not provided in the supplied documents; monitor for updates from official advisories.
EUVD-2026-36109
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...