CVE-2017-1000083

Published: 05/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince prior to 3.24.1 allows remote malicious users to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

Vulnerable Product

gnome evince

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux server eus 7.6

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server aus 7.6

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.4

redhat enterprise linux server 7.5

redhat enterprise linux server 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.4

redhat enterprise linux server 7.4

redhat enterprise linux server 7.6

Vendor Advisories

Debian Bug report logs - #868500 atril: CVE-2017-1000083 Package: src:atril; Maintainer for src:atril is Debian+Ubuntu MATE Packaging Team <debian-mate@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 16 Jul 2017 06:21:02 UTC Severity: grave Tags: fixed-upstream, jessie, patch, secu ...
Evince could be made to run programs as your login if it opened a specially crafted file ...
Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. For the oldstable distribution (jessie), this problem has been fixed in version 3.14.1-2+deb8u2 ...
It was discovered that Atril, the MATE document viewer, made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely. For the oldstable distribution (jessie), this problem has been fixed in version 1.8.1+dfsg1-4+deb8 ...
It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program ...
The comic book backend in evince <= 3.24.0 is vulnerable to a command injection bug that can be used to execute arbitrary commands when a cbt file is opened. CBT files are simple tar archives containing images. When a cbt file is processed, evince calls "tar -xOf $archive $filename" for every image file in the archive. While both the archive nam ...
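The advisories above describe member names from the archive being placed on a tar command line as "tar -xOf $archive $filename". The following Python sketch is an added example, not Evince's code or its upstream fix: it flags member names in a CBT that a command-line parser would read as options, shows an argv that ends option parsing with "--" before the name, and reads a member in-process so the name never reaches a command line. All function names and the sample archive are constructed for illustration.

```python
import io
import tarfile


def option_like_members(cbt_bytes):
    """Return member names that a command-line parser would read as options."""
    with tarfile.open(fileobj=io.BytesIO(cbt_bytes), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if m.name.startswith("-")]


def safe_tar_argv(archive_path, member):
    """argv list (no shell); "--" ends option parsing before the member name."""
    return ["tar", "-xOf", archive_path, "--", member]


def read_member(cbt_bytes, member):
    """Extract one member in-process, so its name never reaches an argv."""
    with tarfile.open(fileobj=io.BytesIO(cbt_bytes), mode="r:*") as tar:
        handle = tar.extractfile(member)
        return handle.read() if handle else None


def build_sample(names):
    """Constructed in-memory archive for the demo; member bodies are dummy bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"not-a-real-image"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one ordinary page and one harmless option-like name.
    sample = build_sample(["page01.png", "--constructed-option=value.png"])
    for name in option_like_members(sample):
        print("option-like member name:", repr(name))
        print("argv with end-of-options marker:", safe_tar_argv("book.cbt", name))
```

A scanner like this is suited to triaging .cbt files before a viewer or thumbnailer opens them; any member name starting with "-" is a reason to quarantine the file.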

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'rex/zip' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT def initialize(info = {}) super(update_info(info, 'Name' = ...
# Exploit Title: evince command line injection # Date: 2017-09-05 # Exploit Author: Matlink # Vendor Homepage: wiki.gnome.org/Apps/Evince # Software Link: wiki.gnome.org/Apps/Evince # Version: 3.24.0 # Tested on: Debian sid # CVE : CVE-2017-1000083 Can be tested on docker with github.com/matlink/evince-cve-2017-1000083 #! ...
This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload ...
Evince version 3.24.0 suffers from a command injection vulnerability ...