MGASA-2026-0209 Updated evince, atril & xreader packages fix security vulnerability

Evince/Atril/Xreader command injection. CVE-2026-46529...

Updated evince, atril & xreader packages fix security vulnerability

Evince/Atril/Xreader command injection. CVE-2026-46529...

CVE-2026-46529

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVE-2026-46529

Technical details such as affected versions, impact, and remediation are not provided in the supplied documents; monitor for updates from official advisories.

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

EUVD-2026-36109

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

Atril 命令注入漏洞

Atril is a simple multi-page document viewer developed under the MATE Desktop open source project. Versions of Atril prior to 1.26.3 and 1.28.4 contained a command injection vulnerability. This vulnerability stemmed from the evspawn function in shell/ev-application.c, which did not apply...

Amazon Linux 2023 : papers, papers-devel, papers-libs (ALAS2023-2026-1782)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1782 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue...

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

Amazon Linux 2 : atril, --advisory ALAS2MATE-DESKTOP1.X-2026-011 (ALASMATE-DESKTOP1.X-2026-011)

The version of atril installed on the remote host is prior to 1.20.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2026-011 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of...

Important: atril

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 Affected Packages: atril Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visi...

Security update for evince

This update for evince fixes the following issue CVE-2026-46529: Evince/Atril/Xreader command injection bsc1265880. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...

SUSE-SU-2026:2288-1 Security update for evince

This update for evince fixes the following issue - CVE-2026-46529: Evince/Atril/Xreader command injection bsc1265880...

atril-1.28.4-1.1 on GA media (moderate)

atril-1.28.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10914-1 Rating: moderate Cross-References: CVE-2026-46519 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the atril-1.28.4-1.1...

OPENSUSE-SU-2026:10914-1 atril-1.28.4-1.1 on GA media

These are all security issues fixed in the atril-1.28.4-1.1 package on the GA media of openSUSE Tumbleweed...

Debian dla-4597 : atril - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4597 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/...