First published: Mon Nov 27 2017(Updated: )
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME evince | <3.25.91 | |
debian/atril | 1.20.3-1+deb10u1 1.24.0-1 1.26.0-2 1.26.1-1 | |
debian/evince | 3.30.2-3+deb10u1 3.38.2-1 43.1-2 45.0-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this command injection vulnerability is CVE-2017-1000159.
The evince software is affected by this command injection vulnerability.
Versions earlier than 3.25.91 of evince are affected by this vulnerability.
The severity rating of this vulnerability is 7.8 (high).
To fix this vulnerability, update evince to version 3.25.91 or later.