CVE-2017-1000083 (retired)

Priority
Description
backend/comics/comics-document.c (aka the comic book backend) in GNOME
Evince before 3.24.1 allows remote attackers to execute arbitrary commands
via a .cbt file that is a TAR archive containing a filename beginning with
a "--" command-line option substring, as demonstrated by a
--checkpoint-action=exec=bash at the beginning of the filename.
Ubuntu-Description
Felix Wilhelm discovered that Evince did not safely invoke tar when
handling tar comic book (cbt) files. An attacker could use this to
construct a malicious comic book format file that, when opened in
Evince, executes arbitrary code.
Notes
 sbeattie> upstream evince in git has switched to using libarchive
 sbeattie> The fix for this issue disables CBT support, as tar offers to
  many opportunities to invoke commands and CBT is a rarely used comic
  book format.
Package
Source: atril (LP Ubuntu Debian)
Upstream:released (1.18.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.12.2-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.18.1-1)
Package
Upstream:released (3.24.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.10.3-0ubuntu10.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.2-1ubuntu4.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.24.1-0ubuntu1)
More Information

Updated: 2019-03-26 12:24:14 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)