CVE-2017-1000083

Priority
Medium
Description
The comic book backend in evince 3.24.0 is vulnerable to a command
injection bug that can be used to execute arbitrary commands when a cbt
file is opened.
Ubuntu-Description
Felix Wilhelm discovered that Evince did not safely invoke tar when
handling tar comic book (cbt) files. An attacker could use this to
construct a malicious comic book format file that, when opened in
Evince, executes arbitrary code.
References
Bugs
Notes
 sbeattie> upstream evince in git has switched to using libarchive
 sbeattie> The fix for this issue disables CBT support, as tar offers to
  many opportunities to invoke commands and CBT is a rarely used comic
  book format.
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.10.3-0ubuntu10.3)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.2-1ubuntu4.1)
Ubuntu 16.10 (Yakkety Yak):released (3.22.0-0ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus):released (3.24.0-0ubuntu1.1)
Package
Source: atril (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 16.10 (Yakkety Yak):ignored (reached end-of-life)
Ubuntu 17.04 (Zesty Zapus):needed
More Information

Updated: 2017-07-20 20:25:45 UTC (commit 12927)