CVE-2017-1000083

EPSS 50.1%

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

Affected products

n/a · n/a

public PoCs found — 6

githubgithub.com/matlink/evince-cve-2017-1000083★ 0 githubgithub.com/matlink/cve-2017-1000083-atril-nautilus★ 0 cve_referencewww.exploit-db.com/exploits/46341/unverified exploitdbwww.exploit-db.com/exploits/45824unverified exploitdbwww.exploit-db.com/exploits/46341unverified cve_referencewww.exploit-db.com/exploits/45824/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2017:2388 https://bugzilla.gnome.org/show_bug.cgi?id=784630 http://seclists.org/oss-sec/2017/q3/128 https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee https://www.exploit-db.com/exploits/45824/https://www.exploit-db.com/exploits/46341/http://www.debian.org/security/2017/dsa-3911 http://www.securityfocus.com/bid/99597