Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-148n-shyv-nfd5

Summary arbitrary command execution

Aliases

alias	CVE-2017-1000083

Fixed_packages

url	pkg:alpm/archlinux/evince@3.24.0%2B12%2Bg717df38f-1
purl	pkg:alpm/archlinux/evince@3.24.0%2B12%2Bg717df38f-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/evince@3.24.0%252B12%252Bg717df38f-1

url	pkg:deb/debian/atril@1.16.1-2.1?distro=trixie
purl	pkg:deb/debian/atril@1.16.1-2.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.16.1-2.1%3Fdistro=trixie

url	pkg:deb/debian/atril@1.24.0-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/atril@1.24.0-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.24.0-1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/atril@1.26.0-2%2Bdeb12u3?distro=trixie

purl pkg:deb/debian/atril@1.26.0-2%2Bdeb12u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7jms-q9sm-skh4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.0-2%252Bdeb12u3%3Fdistro=trixie

url pkg:deb/debian/atril@1.26.2-4?distro=trixie

purl pkg:deb/debian/atril@1.26.2-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7jms-q9sm-skh4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.2-4%3Fdistro=trixie

url	pkg:deb/debian/atril@1.28.4-1?distro=trixie
purl	pkg:deb/debian/atril@1.28.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.28.4-1%3Fdistro=trixie

url	pkg:deb/debian/evince@3.22.1-4?distro=trixie
purl	pkg:deb/debian/evince@3.22.1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/evince@3.22.1-4%3Fdistro=trixie

url	pkg:deb/debian/evince@3.38.2-1?distro=trixie
purl	pkg:deb/debian/evince@3.38.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/evince@3.38.2-1%3Fdistro=trixie

url	pkg:deb/debian/evince@43.1-2?distro=trixie
purl	pkg:deb/debian/evince@43.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/evince@43.1-2%3Fdistro=trixie

url	pkg:deb/debian/evince@48.1-3?distro=trixie
purl	pkg:deb/debian/evince@48.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/evince@48.1-3%3Fdistro=trixie

url	pkg:deb/debian/evince@49~alpha.1-1?distro=trixie
purl	pkg:deb/debian/evince@49~alpha.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/evince@49~alpha.1-1%3Fdistro=trixie

Affected_packages

url pkg:alpm/archlinux/evince@3.24.0%2B8%2Bga8363215-1

purl pkg:alpm/archlinux/evince@3.24.0%2B8%2Bga8363215-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-148n-shyv-nfd5

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/evince@3.24.0%252B8%252Bga8363215-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000083

reference_id

reference_type

scores

value	0.76136
scoring_system	epss
scoring_elements	0.98945
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000083

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868500
reference_id	868500
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868500

reference_url	https://security.archlinux.org/ASA-201707-14
reference_id	ASA-201707-14
reference_type
scores
url	https://security.archlinux.org/ASA-201707-14

reference_url

https://security.archlinux.org/AVG-348

reference_id

AVG-348

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-348

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/45824.txt
reference_id	CVE-2017-1000083
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/45824.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46341.rb
reference_id	CVE-2017-1000083
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46341.rb

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/0dbad5d2e3c9e9c4cfb6203b99a2b437b18a0105/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb
reference_id	CVE-2017-1000083
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/0dbad5d2e3c9e9c4cfb6203b99a2b437b18a0105/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb

reference_url	https://usn.ubuntu.com/3351-1/
reference_id	USN-3351-1
reference_type
scores
url	https://usn.ubuntu.com/3351-1/

Weaknesses

Exploits

date_added	`null`
description	This module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload (<256 bytes). Reverse Bash and Reverse Netcat payloads should be sufficiently small. This module has been tested successfully on evince versions: 3.4.0-3.1 + nautilus 3.4.2-1+build1 on Kali 1.0.6; 3.18.2-1ubuntu4.3 + atril 1.12.2-1ubuntu0.3 on Ubuntu 16.04.
required_action	`null`
due_date	`null`
notes	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
known_ransomware_campaign_use	`false`
source_date_published	2017-07-13
exploit_type	`null`
platform	Unix
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb

date_added	2019-02-11
description	Evince - CBT File Command Injection (Metasploit)
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2019-02-11
exploit_type	local
platform	linux
source_date_updated	2019-02-11
data_source	Exploit-DB
source_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/0dbad5d2e3c9e9c4cfb6203b99a2b437b18a0105/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb

Severity_range_score 6.3 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-148n-shyv-nfd5

Vulnerability Instance