backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "evince-dbg": "3.10.3-0ubuntu10.3", "libevince-dev-dbgsym": "3.10.3-0ubuntu10.3", "libevince-dev": "3.10.3-0ubuntu10.3", "evince-gtk": "3.10.3-0ubuntu10.3", "evince-common": "3.10.3-0ubuntu10.3", "libevview3-3": "3.10.3-0ubuntu10.3", "gir1.2-evince-3.0": "3.10.3-0ubuntu10.3", "evince-dbgsym": "3.10.3-0ubuntu10.3", "evince": "3.10.3-0ubuntu10.3", "libevview3-3-dbgsym": "3.10.3-0ubuntu10.3", "gir1.2-evince-3.0-dbgsym": "3.10.3-0ubuntu10.3", "libevdocument3-4": "3.10.3-0ubuntu10.3", "libevdocument3-4-dbgsym": "3.10.3-0ubuntu10.3", "evince-gtk-dbgsym": "3.10.3-0ubuntu10.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libatrildocument3": "1.12.2-1ubuntu0.2", "atril-dbg": "1.12.2-1ubuntu0.2", "atril-dbgsym": "1.12.2-1ubuntu0.2", "atril-common": "1.12.2-1ubuntu0.2", "libatrilview3": "1.12.2-1ubuntu0.2", "libatrilview3-dbgsym": "1.12.2-1ubuntu0.2", "libatrilview3-dbg": "1.12.2-1ubuntu0.2", "gir1.2-atril": "1.12.2-1ubuntu0.2", "atril": "1.12.2-1ubuntu0.2", "libatrildocument3-dbgsym": "1.12.2-1ubuntu0.2", "libatrildocument-dev": "1.12.2-1ubuntu0.2", "libatrildocument3-dbg": "1.12.2-1ubuntu0.2", "libatrilview-dev": "1.12.2-1ubuntu0.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "evince-dbg": "3.18.2-1ubuntu4.1", "evince-dbgsym": "3.18.2-1ubuntu4.1", "evince": "3.18.2-1ubuntu4.1", "evince-common": "3.18.2-1ubuntu4.1", "libevview3-3-dbgsym": "3.18.2-1ubuntu4.1", "libevince-dev": "3.18.2-1ubuntu4.1", "evince-gtk": "3.18.2-1ubuntu4.1", "gir1.2-evince-3.0": "3.18.2-1ubuntu4.1", "libevdocument3-4": "3.18.2-1ubuntu4.1", "libevdocument3-4-dbgsym": "3.18.2-1ubuntu4.1", "libevview3-3": "3.18.2-1ubuntu4.1" } ] }