Search for packages
Package details: pkg:deb/debian/evince@3.14.1-2%2Bdeb8u2
purl pkg:deb/debian/evince@3.14.1-2%2Bdeb8u2
Next non-vulnerable version 3.38.2-1
Latest non-vulnerable version 3.38.2-1
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-g4dd-e3cb-aaaj
Aliases:
CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
3.22.1-3+deb9u2
Affected by 5 other vulnerabilities.
3.30.2-3+deb10u1
Affected by 1 other vulnerability.
3.38.2-1
Affected by 0 other vulnerabilities.
VCID-jrm1-d798-aaam
Aliases:
CVE-2023-51698
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
3.30.2-3+deb10u1
Affected by 1 other vulnerability.
VCID-jt91-yd9q-aaab
Aliases:
CVE-2019-1010006
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail.
3.22.1-3+deb9u2
Affected by 5 other vulnerabilities.
3.30.2-3+deb10u1
Affected by 1 other vulnerability.
VCID-jue6-2hcd-aaas
Aliases:
CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
3.22.1-3+deb9u2
Affected by 5 other vulnerabilities.
3.30.2-3+deb10u1
Affected by 1 other vulnerability.
VCID-rj5r-1412-aaas
Aliases:
CVE-2017-1000159
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
3.22.1-3+deb9u2
Affected by 5 other vulnerabilities.
3.30.2-3+deb10u1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-jue6-2hcd-aaas backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. CVE-2017-1000083

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:09:07.964941+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:00:11.818643+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:05:37.125595+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:59:50.345503+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:19:50.459810+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:02:53.150838+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:40:42.500054+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:20:50.933811+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:13:10.529202+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T09:54:16.732140+00:00 Debian Oval Importer Fixing VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T00:20:55.426513+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj None 36.1.3
2025-06-20T22:19:58.277671+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab None 36.1.3
2025-06-20T20:13:41.960672+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas None 36.1.3
2025-06-20T19:57:38.904856+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas None 36.1.3
2025-06-20T19:48:29.501194+00:00 Debian Oval Importer Fixing VCID-jue6-2hcd-aaas None 36.1.3
2025-06-08T10:40:35.067068+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:31:52.930056+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:50:29.518273+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:53:11.825471+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:14:24.811711+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:33:25.512338+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:20:27.640093+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:07:48.738488+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:02:07.677786+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T03:43:04.459806+00:00 Debian Oval Importer Fixing VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-07T17:43:51.010872+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj None 36.1.0
2025-06-07T15:44:08.163818+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab None 36.1.0
2025-06-07T13:55:05.776939+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas None 36.1.0
2025-06-07T13:47:19.320344+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas None 36.1.0
2025-06-07T13:40:36.874366+00:00 Debian Oval Importer Fixing VCID-jue6-2hcd-aaas None 36.1.0
2025-04-12T22:47:52.163543+00:00 Debian Oval Importer Affected by VCID-jrm1-d798-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:47:50.066236+00:00 Debian Oval Importer Affected by VCID-jrm1-d798-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-12T22:14:19.708447+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:07:23.441911+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:06:57.398547+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:22:18.542934+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:13:13.921263+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:22:41.735337+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:24:43.166542+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:46:35.123215+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:03:53.050151+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:49:57.514063+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:36:26.345434+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:30:28.322193+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:10:51.274813+00:00 Debian Oval Importer Fixing VCID-jue6-2hcd-aaas https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-07T16:19:59.844262+00:00 Debian Oval Importer Affected by VCID-g4dd-e3cb-aaaj None 36.0.0
2025-04-07T14:14:54.101327+00:00 Debian Oval Importer Affected by VCID-jt91-yd9q-aaab None 36.0.0
2025-04-07T12:29:52.072328+00:00 Debian Oval Importer Affected by VCID-jue6-2hcd-aaas None 36.0.0
2025-04-07T12:22:24.455461+00:00 Debian Oval Importer Affected by VCID-rj5r-1412-aaas None 36.0.0
2025-04-07T12:15:56.617872+00:00 Debian Oval Importer Fixing VCID-jue6-2hcd-aaas None 36.0.0