ALSA-2026:28998
- Source
- https://errata.almalinux.org/8/ALSA-2026-28998.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:28998.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALSA-2026:28998
- Related
- Published
- 2026-06-24T00:00:00Z
- Modified
- 2026-06-25T14:00:04.873263511Z
- Summary
- Important: evince security update
- Details
-
The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.
Security Fix(es):
- atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen (CVE-2026-46529)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
Affected packages
AlmaLinux:8 / evince
Package
- Name
- evince
- Purl
- pkg:rpm/almalinux/evince
AlmaLinux:8 / evince-browser-plugin
Package
- Name
- evince-browser-plugin
- Purl
- pkg:rpm/almalinux/evince-browser-plugin
AlmaLinux:8 / evince-devel
Package
- Name
- evince-devel
- Purl
- pkg:rpm/almalinux/evince-devel
AlmaLinux:8 / evince-libs
Package
- Name
- evince-libs
- Purl
- pkg:rpm/almalinux/evince-libs