PT-2017-3346 · Gnome+5 · Gnome Evince+5

Felix Wilhelm

Published

2017-07-13

Updated

2024-06-15

CVE-2017-1000083

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GNOME Evince versions prior to 3.24.1

Description The issue allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring. This can be demonstrated by a filename starting with --checkpoint-action=exec=bash at the beginning of the filename. The vulnerability is related to the failure to neutralize special elements used in a command.

Recommendations For versions prior to 3.24.1, update to version 3.24.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of .cbt files that are TAR archives containing filenames starting with the "--" command-line option substring. Restrict access to the comic book backend to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

ALT-PU-2017-1881

ALT-PU-2017-1935

BDU:2018-00111

CESA-2017_2388

CVE-2017-1000083

DLA-1031-1

DSA-3911-1

DSA-3916-1

MGASA-2017-0244

MGASA-2017-0251

OPENSUSE-SU-2017_1933-1

OPENSUSE-SU-2017_3431-1

OPENSUSE-SU-2024:10742-1

RHSA-2017:2388

RHSA-2017_2388

SUSE-SU-2017:1893-1

SUSE-SU-2017:1894-1

SUSE-SU-2017:2390-1

SUSE-SU-2017:3428-1

SUSE-SU-2017_1893-1

SUSE-SU-2017_1894-1

SUSE-SU-2017_2390-1

SUSE-SU-2017_3428-1

USN-3351-1

Affected Products

Alt Linux

Centos

Gnome Evince

Red Hat

Suse

Ubuntu

PT-2017-3346 · Gnome+5 · Gnome Evince+5

CVE-2017-1000083

Weakness Enumeration

Related Identifiers

Affected Products

References · 44