CVE-2017-1000159

Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
gnomeevince
𝑥
< 3.25.91
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
atril
bullseye (security)
1.24.0-1+deb11u1
fixed
bullseye
1.24.0-1+deb11u1
fixed
stretch
no-dsa
bookworm
1.26.0-2+deb12u3
fixed
bookworm (security)
1.26.0-2+deb12u3
fixed
sid
1.26.2-3
fixed
evince
bullseye
3.38.2-1
fixed
stretch
no-dsa
bookworm
43.1-2
fixed
sid
46.3.1-1
fixed
trixie
46.3.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
atril
artful
Fixed 1.18.1-1ubuntu0.1
released
zesty
ignored
xenial
Fixed 1.12.2-1ubuntu0.3
released
trusty
dne
evince
artful
not-affected
zesty
Fixed 3.24.0-0ubuntu1.3
released
xenial
Fixed 3.18.2-1ubuntu4.3
released
trusty
Fixed 3.10.3-0ubuntu10.4
released
Common Weakness Enumeration
References
https://bugzilla.gnome.org/show_bug.cgi?id=784947
https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
https://seclists.org/bugtraq/2020/Feb/18
https://security.gentoo.org/glsa/201804-15
https://www.debian.org/security/2020/dsa-4624
https://bugzilla.gnome.org/show_bug.cgi?id=784947
https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html
https://seclists.org/bugtraq/2020/Feb/18
https://security.gentoo.org/glsa/201804-15
https://www.debian.org/security/2020/dsa-4624