CVE-2017-1000083
Published: Sep 5, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 46341 | exploit, x_refsource_EXPLOIT-DB |
| http://seclists.org/oss-sec/2017/q3/128 | x_refsource_MISC |
| https://bugzilla.gnome.org/show_bug.cgi?id=784630 | x_refsource_MISC |
| 99597 | vdb-entry, x_refsource_BID |
| RHSA-2017:2388 | vendor-advisory, x_refsource_REDHAT |
| DSA-3911 | vendor-advisory, x_refsource_DEBIAN |
| 45824 | exploit, x_refsource_EXPLOIT-DB |