#VU7546 Code injection in Evince - CVE-2017-1000083

 

Published: July 14, 2017 / Updated: June 17, 2021


Vulnerability identifier: #VU7546
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-1000083
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: Evince
Software vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to execute arbitrary commands.

The vulnerability exists due to insufficient sanitization of user-supplied data when Evince processes tar comic book (cbt) files. A remote attacker can create a specially crafted "cbt" file, trick the victim into downloading it, and execute arbitrary commands on the vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Remediation

Update to version 3.25.0.
