16 matches found
atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...
AlmaLinux 8 : evince (ALSA-2026:28998)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...
ALSA-2026:28998 Important: evince security update
The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...
RHEL 9 : evince (RHSA-2026:27819)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27819 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...
EUVD-2018-13755
Malware in sbrugna...
EUVD-2018-13758
Malware in sbrugna...
CVE-2018-21237
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action...
CVE-2018-21239
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action...
CVE-2018-21242
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action...
CVE-2018-21237
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action...
CVE-2018-21239
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action...
Remote code execution
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action...
CVE-2018-21239
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action...
Foxit Reader GoToR Action Stack Buffer Overflow
A stack buffer overflow vulnerability has been reported in Foxit Reader. The vulnerability is due improper handling of the GoToR action. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted pdf file. Successful exploitation could allow...
Foxit Patches 12 Vulnerabilities, 8 That Could Lead to RCE
Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product. The company released version 8.0 of its Foxit Reader and Foxit PhantomPDF on Monday, addressin...
Foxit Reader GoToR action Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...