Vulnerability details: VCID-jue6-2hcd-aaas
Vulnerability ID VCID-jue6-2hcd-aaas
Aliases CVE-2017-1000083
Summary backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000083.html
rhas Important https://access.redhat.com/errata/RHSA-2017:2388
cvssv3 7.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000083.json
epss 0.19986 https://api.first.org/data/v1/epss?cve=CVE-2017-1000083
epss 0.21643 https://api.first.org/data/v1/epss?cve=CVE-2017-1000083
epss 0.25312 https://api.first.org/data/v1/epss?cve=CVE-2017-1000083
epss 0.78074 https://api.first.org/data/v1/epss?cve=CVE-2017-1000083
epss 0.79825 https://api.first.org/data/v1/epss?cve=CVE-2017-1000083
epss 0.81161 https://api.first.org/data/v1/epss?cve=CVE-2017-1000083
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1468488
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2017-1000083
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-1000083
archlinux Critical https://security.archlinux.org/AVG-348
generic_textual Medium https://ubuntu.com/security/notices/USN-3351-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000083.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000083.json
https://api.first.org/data/v1/epss?cve=CVE-2017-1000083
https://bugzilla.gnome.org/show_bug.cgi?id=784630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000083
http://seclists.org/oss-sec/2017/q3/128
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee
https://ubuntu.com/security/notices/USN-3351-1
https://www.exploit-db.com/exploits/45824/
https://www.exploit-db.com/exploits/46341/
http://www.debian.org/security/2017/dsa-3911
http://www.securityfocus.com/bid/99597
1468488 https://bugzilla.redhat.com/show_bug.cgi?id=1468488
868500 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868500
ASA-201707-14 https://security.archlinux.org/ASA-201707-14
AVG-348 https://security.archlinux.org/AVG-348
cpe:2.3:a:gnome:evince:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:evince:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2017-1000083 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/45824.txt
CVE-2017-1000083 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46341.rb
CVE-2017-1000083 https://nvd.nist.gov/vuln/detail/CVE-2017-1000083
CVE-2017-1000083 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/0dbad5d2e3c9e9c4cfb6203b99a2b437b18a0105/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb
RHSA-2017:2388 https://access.redhat.com/errata/RHSA-2017:2388
USN-3351-1 https://usn.ubuntu.com/3351-1/
Data source Exploit-DB
Date added Feb. 11, 2019
Description Evince - CBT File Command Injection (Metasploit)
Ransomware campaign use Known
Source publication date Feb. 11, 2019
Exploit type local
Platform linux
Source update date Feb. 11, 2019
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/0dbad5d2e3c9e9c4cfb6203b99a2b437b18a0105/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb
Data source Metasploit
Description This module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload (<256 bytes). Reverse Bash and Reverse Netcat payloads should be sufficiently small. This module has been tested successfully on evince versions: 3.4.0-3.1 + nautilus 3.4.2-1+build1 on Kali 1.0.6; 3.18.2-1ubuntu4.3 + atril 1.12.2-1ubuntu0.3 on Ubuntu 16.04.
Ransomware campaign use Unknown
Source publication date July 13, 2017
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/fileformat/evince_cbt_cmd_injection.rb
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000083.json
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000083
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000083
Exploit Prediction Scoring System (EPSS)
Percentile 0.96523
EPSS Score 0.19986
Published At Dec. 13, 2024, midnight