Download
| Alert*
oval:org.secpod.oval:def:89002264
This update for evince fixes the following issues: - CVE-2017-1000159: Command injection in evince via filename when printing to PDF could lead to command execution oval:org.secpod.oval:def:89002345 This update for evince provides the following fix: - CVE-2017-1000159: Prevent command line injections via filenames when printing to a file oval:org.secpod.oval:def:2102593 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action= ... oval:org.secpod.oval:def:2105094 The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. oval:org.secpod.oval:def:113821 Evince is simple multi-page document viewer. It can display and print Portable Document Format , PostScript and Encapsulated PostScript files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks a ... oval:org.secpod.oval:def:703917 evince: Document viewer Evince could be made to run programs if it printed a specially crafted file. oval:org.secpod.oval:def:51953 evince: Document viewer Evince could be made to run programs if it printed a specially crafted file. oval:org.secpod.oval:def:2001451 Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. oval:org.secpod.oval:def:604749 Several vulnerabilities were discovered in evince, a simple multi-page document viewer. CVE-2017-1000159 Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames. CVE-2019-11459 Andy Nguyen reported that the tiff_docu ... oval:org.secpod.oval:def:61772 Several vulnerabilities were discovered in evince, a simple multi-page document viewer. CVE-2017-1000159 Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames. CVE-2019-11459 Andy Nguyen reported that the tiff_docu ... oval:org.secpod.oval:def:69951 Several vulnerabilities were discovered in evince, a simple multi-page document viewer. CVE-2017-1000159 Tobias Mueller reported that the DVI exporter in evince is susceptible to a command injection vulnerability via specially crafted filenames. CVE-2019-11459 Andy Nguyen reported that the tiff_docu ... |