Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-1000083

Опубликовано: 05 сент. 2017
Источник: ubuntu
Приоритет: medium
EPSS Высокий
CVSS2: 6.8
CVSS3: 7.8

Описание

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

РелизСтатусПримечание
artful

not-affected

1.18.1-1
devel

not-affected

1.18.1-1
esm-apps/xenial

released

1.12.2-1ubuntu0.2
esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

1.18.0-1
vivid/ubuntu-core

DNE

xenial

released

1.12.2-1ubuntu0.2

Показывать по

РелизСтатусПримечание
artful

not-affected

3.24.1-0ubuntu1
devel

not-affected

3.24.1-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [3.10.3-0ubuntu10.3]]
esm-infra/xenial

released

3.18.2-1ubuntu4.1
precise/esm

DNE

trusty

released

3.10.3-0ubuntu10.3
trusty/esm

DNE

trusty was released [3.10.3-0ubuntu10.3]
upstream

released

3.24.1
vivid/ubuntu-core

DNE

xenial

released

3.18.2-1ubuntu4.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.76668
Высокий

6.8 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-1000083

CVSS3: 7.1
redhat
больше 8 лет назад

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

nvd логотип

CVE-2017-1000083

CVSS3: 7.8
nvd
около 8 лет назад

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

debian логотип

CVE-2017-1000083

CVSS3: 7.8
debian
около 8 лет назад

backend/comics/comics-document.c (aka the comic book backend) in GNOME ...

suse-cvrf логотип

openSUSE-SU-2017:3431-1

suse-cvrf
почти 8 лет назад

Security update for evince

suse-cvrf логотип

openSUSE-SU-2017:1933-1

suse-cvrf
больше 8 лет назад

Security update for evince

EPSS

Процентиль: 99%
0.76668
Высокий

6.8 Medium

CVSS2

7.8 High

CVSS3

Уязвимость CVE-2017-1000083