CVE-2017-1000083

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-1000083

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000083.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000083

Related

Published

2017-09-05T06:29:00Z

Modified

2024-09-11T04:06:42.190862Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

References

Affected packages

Debian:11 / atril

Package

Name: atril
Purl: pkg:deb/debian/atril?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.1-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / atril

Package

Name: atril
Purl: pkg:deb/debian/atril?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.1-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / evince

Package

Name: evince
Purl: pkg:deb/debian/evince?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.1-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / evince

Package

Name: evince
Purl: pkg:deb/debian/evince?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.1-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / evince

Package

Name: evince
Purl: pkg:deb/debian/evince?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.1-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/evince

Affected ranges

Type: GIT
Repo: https://github.com/gnome/evince
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

717df38fd8509bf883b70d680c9b1b3cf36732ee

Affected versions

3.*

3.1.2

3.1.90

3.1.90.1

3.10.0

3.11.1

3.11.3

3.11.90

3.11.92

3.13.3

3.13.3.1

3.13.90

3.13.91

3.13.92

3.14.0

3.14.1

3.15.4

3.15.90

3.15.92

3.16.0

3.17.1

3.17.2

3.17.3

3.17.4

3.17.92

3.18.0

3.19.92

3.2.0

3.2.1

3.20.0

3.21.3

3.21.4

3.21.92

3.22.0

3.24.0

3.3.2

3.3.3

3.3.3.1

3.3.4

3.3.5

3.3.90

3.3.92

3.4.0

3.5.2

3.5.3

3.5.4

3.5.5

3.5.90

3.5.92

3.6.0

3.7.1

3.7.4

3.7.5

3.7.90

3.7.92

3.8.0

3.9.2

3.9.3

3.9.4

3.9.5

3.9.90

Other

BEFORE_GNOME_PRINT

BEFORE_NEW_UI_HANDLER_1

BEFORE_XPDF_3_MERGE

BONOBO_BEFORE_API_RENAME

ChangeLog

EAZEL-NAUTILUS-MS-AUG07

EAZEL-NAUTILUS-MS-JULY_5

EVINCE_0_1_0

EVINCE_0_1_1

EVINCE_0_1_3

EVINCE_0_1_4

EVINCE_0_1_5

EVINCE_0_1_6

EVINCE_0_1_7

EVINCE_0_1_8

EVINCE_0_1_9

EVINCE_0_2_0

EVINCE_0_2_1

EVINCE_0_3_0

EVINCE_0_3_1

EVINCE_0_3_3

EVINCE_0_4_0

EVINCE_0_5_0

EVINCE_0_5_1

EVINCE_0_5_2

EVINCE_0_5_3

EVINCE_0_5_4

EVINCE_0_5_5

EVINCE_0_6_0

EVINCE_0_6_1

EVINCE_0_7_0

EVINCE_0_7_1

EVINCE_0_7_2

EVINCE_0_8_0

EVINCE_0_8_1

EVINCE_0_9_0

EVINCE_0_9_1

EVINCE_0_9_2

EVINCE_0_9_3

EVINCE_2_19_4

EVINCE_2_19_92

EVINCE_2_20_0

EVINCE_2_21_1

EVINCE_2_21_90

EVINCE_2_21_91

EVINCE_2_22_0

EVINCE_2_22_1

EVINCE_2_22_1_1

EVINCE_2_23_4

EVINCE_2_23_5

EVINCE_2_23_91

EVINCE_2_23_92

EVINCE_2_24_0

EVINCE_2_24_1

EVINCE_2_25_1

EVINCE_2_25_2

EVINCE_2_25_4

EVINCE_2_25_5

EVINCE_2_25_90

EVINCE_2_25_91

EVINCE_2_25_92

EVINCE_2_26_0

EVINCE_2_27_1

EVINCE_2_27_3

EVINCE_2_27_4

EVINCE_2_27_90

EVINCE_2_29_1

EVINCE_2_29_2

EVINCE_2_29_3

EVINCE_2_29_4

EVINCE_2_29_5

EVINCE_2_29_91

EVINCE_2_29_92

EVINCE_2_30_0

EVINCE_2_31_1

EVINCE_2_31_2

EVINCE_2_31_3

EVINCE_2_31_4

EVINCE_2_31_4_1

EVINCE_2_31_5

EVINCE_2_31_6

EVINCE_2_31_6_1

EVINCE_2_31_90

EVINCE_2_91_0

EVINCE_2_91_1

EVINCE_2_91_2

EVINCE_2_91_3

EVINCE_2_91_4

EVINCE_2_91_5

EVINCE_2_91_6

EVINCE_2_91_90

EVINCE_2_91_92

EVINCE_2_91_93

EVINCE_3_0_0

GNOME_2_12_BRANCHPOINT

GNOME_2_14_BRANCHPOINT

GNOME_2_16_BRANCHPOINT

GNOME_2_4_ANCHOR

GNOME_2_6_ANCHOR

GNOME_2_8_ANCHOR

GPDF_0_100

GPDF_0_101

GPDF_0_102

GPDF_0_103

GPDF_0_104

GPDF_0_105

GPDF_0_106

GPDF_0_110

GPDF_0_111

GPDF_0_112

GPDF_0_112_1

GPDF_0_120

GPDF_0_121

GPDF_0_122

GPDF_0_123

GPDF_0_124

GPDF_0_125

GPDF_0_130

GPDF_0_131

GPDF_2_7_1

GPDF_2_7_2

GPDF_2_7_90

GPDF_2_7_91

GPDF_2_8_0

GPDF_2_8_1

GPDF_2_9_1

GPDF_FOR_GNOME_1_4

GPDF_MODES_ANCHOR

GPDF_OUTLINES_ANCHOR

XPDF_0_80

XPDF_1_01

XPDF_2_00

XPDF_2_01

XPDF_2_02

XPDF_2_03

XPDF_3_00

nautilus_ms_may_31

start