rpm package
suse/evince&distro=SUSE Linux Enterprise Workstation Extension 12 SP3
pkg:rpm/suse/evince&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000159 | Hig | 7.8 | < 3.20.2-6.22.9 | 3.20.2-6.22.9 | Nov 27, 2017 | Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. | |
| CVE-2017-1000083 | Hig | 7.8 | < 3.20.1-6.16.1 | 3.20.1-6.16.1 | Sep 5, 2017 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a |
- affected < 3.20.2-6.22.9fixed 3.20.2-6.22.9
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
- affected < 3.20.1-6.16.1fixed 3.20.1-6.16.1
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a