
10 matches found

CVE
added 2024/05/03 2:14 a.m., 78 views

CVE-2023-44452

CVE-2023-44452 affects Linux Mint Xreader (and related Atril/Xreader components) via CBT file parsing. The root cause is insufficient validation when handling user-supplied strings used in system calls during CBT extraction, enabling arbitrary code execution in the context of the current user aft...

7.8 CVSS | 8.1 AI score | 0.20665 EPSS
Exploits 1 | References 2 | Affected Software 1
Zero Day Initiative
added 2023/12/20 12:0 a.m., 21 views

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8 CVSS | 7.2 AI score | 0.20665 EPSS
Exploits 1 | References 1
OpenVAS
added 2020/01/23 12:0 a.m., 13 views

Huawei EulerOS: Security Advisory for evince (EulerOS-SA-2017-1221)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS | 7.7 AI score | 0.76136 EPSS
Exploits 9 | References 2
Tenable Nessus
added 2017/09/11 12:0 a.m., 56 views

EulerOS 2.0 SP2 : evince (EulerOS-SA-2017-1222)

According to the version of the evince packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command...

7.8 CVSS | 7.4 AI score | 0.76136 EPSS
Exploits 9 | References 2
Tenable Nessus
added 2017/08/22 12:0 a.m., 27 views

Scientific Linux Security Update : evince on SL7.x x86_64 (20170802)

Security Fixes: It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of...

7.8 CVSS | 7.2 AI score | 0.76136 EPSS
Exploits 9 | References 2
OSV
added 2017/08/05 7:19 p.m., 7 views

MGASA-2017-0244 Updated evince packages fix security vulnerability

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book cbt files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files i...

7.8 CVSS | 7.4 AI score | 0.76136 EPSS
Exploits 9 | References 3
Tenable Nessus
added 2017/08/02 12:0 a.m., 24 views

RHEL 7 : evince (RHSA-2017:2388)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2388 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files,...

7.8 CVSS | 7.4 AI score | 0.76136 EPSS
Exploits 9 | References 4
RedHat Linux
added 2017/08/01 4:5 p.m., 29 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8 CVSS | 7.1 AI score | 0.76136 EPSS
Exploits 9 | References 2
Ubuntu
added 2017/07/13 5:6 p.m., 48 views

USN-3351-1: Evince vulnerability

Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book cbt files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files i...

7.8 CVSS | 7.2 AI score | 0.76136 EPSS
Exploits 9
UbuntuCve
added 2017/07/13 12:0 p.m., 18 views

CVE-2017-1000083

backend/comics/comics-document.c aka the comic book backend in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a...

7.8 CVSS | 7.2 AI score | 0.76136 EPSS
Exploits 9 | References 2