CVE-2017-1000159

EUVD-2017-1444
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
gnomeevince
𝑥
< 3.25.91
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
atril
bookworm
1.26.0-2+deb12u3
fixed
bookworm (security)
1.26.0-2+deb12u3
fixed
bullseye
1.24.0-1+deb11u1
fixed
bullseye (security)
1.24.0-1+deb11u1
fixed
sid
1.26.2-3
fixed
stretch
no-dsa
evince
bookworm
43.1-2
fixed
bullseye
3.38.2-1
fixed
sid
46.3.1-1
fixed
stretch
no-dsa
trixie
46.3.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
atril
artful
Fixed 1.18.1-1ubuntu0.1
released
trusty
dne
xenial
Fixed 1.12.2-1ubuntu0.3
released
zesty
ignored
evince
artful
not-affected
trusty
Fixed 3.10.3-0ubuntu10.4
released
xenial
Fixed 3.18.2-1ubuntu4.3
released
zesty
Fixed 3.24.0-0ubuntu1.3
released
Common Weakness Enumeration
References
https://bugzilla.gnome.org/show_bug.cgi?id=784947
https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
https://seclists.org/bugtraq/2020/Feb/18
https://security.gentoo.org/glsa/201804-15
https://www.debian.org/security/2020/dsa-4624
https://bugzilla.gnome.org/show_bug.cgi?id=784947
https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
https://seclists.org/bugtraq/2020/Feb/18
https://security.gentoo.org/glsa/201804-15
https://www.debian.org/security/2020/dsa-4624