Evince
CVE-2017-1000159
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
AnalysisAI
Command injection in evince via filename when printing to PDF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. Affected products include: Gnome Evince.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
Evince 3.26.0 is affected by buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication re
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince thro
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today