CVE-2017-1000083 (retired)

Priority
Description
backend/comics/comics-document.c (aka the comic book backend) in GNOME
Evince before 3.24.1 allows remote attackers to execute arbitrary commands
via a .cbt file that is a TAR archive containing a filename beginning with
a "--" command-line option substring, as demonstrated by a
--checkpoint-action=exec=bash at the beginning of the filename.
Ubuntu-Description
Felix Wilhelm discovered that Evince did not safely invoke tar when
handling tar comic book (cbt) files. An attacker could use this to
construct a malicious comic book format file that, when opened in
Evince, executes arbitrary code.
Notes
 sbeattie> upstream evince in git has switched to using libarchive
 sbeattie> The fix for this issue disables CBT support, as tar offers to
many opportunities to invoke commands and CBT is a rarely used comic
book format.
Package
Source: atril (LP Ubuntu Debian)
Upstream:released (1.18.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.12.2-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.18.1-1)
Package
Upstream:released (3.24.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.2-1ubuntu4.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.24.1-0ubuntu1)
More Information

Updated: 2019-09-19 16:00:55 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)