vulnerability

FreeBSD: VID-01a197ca-67f1-11e7-a266-28924a333806 (CVE-2017-1000083): evince and atril -- command injection vulnerability in CBT handler

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jul 13, 2017	Aug 22, 2017	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jul 13, 2017

Added

Aug 22, 2017

Modified

Dec 10, 2025

Description

GNOME reports: The comic book backend in evince 3.24.0 (and earlier) is vulnerable to a command injection bug that can be used to execute arbitrary commands when a CBT file is opened. The same vulnerability affects atril, the Evince fork.

Solutions

freebsd-upgrade-package-evincefreebsd-upgrade-package-evince-litefreebsd-upgrade-package-atrilfreebsd-upgrade-package-atril-lite

References

CVE-2017-100008
https://attackerkb.com/topics/CVE-2017-100008

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today