Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 25 results


CVE-2023-51698

High priority
Needs evaluation

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted...

2 affected packages

atril, evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
atril Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
evince Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2013-3718

Medium priority
Ignored

evince is missing a check on number of pages which can lead to a segmentation fault

1 affected packages

evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evince
Show less packages

CVE-2019-1010006

Medium priority

Some fixes available 1 of 16

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an...

2 affected packages

atril, evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
atril Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
evince Not affected Not affected Not affected Not affected Fixed
Show less packages

CVE-2019-11459

Medium priority

Some fixes available 15 of 30

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when...

2 affected packages

atril, evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
atril Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
evince Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2017-1000159

Medium priority

Some fixes available 5 of 6

Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.

2 affected packages

atril, evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
atril Fixed
evince Fixed
Show less packages

CVE-2017-1000083

Medium priority

Some fixes available 5 of 7

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--"...

2 affected packages

atril, evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
atril Fixed
evince Fixed
Show less packages

CVE-2011-5244

Medium priority

Some fixes available 1 of 2

Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of...

1 affected packages

evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evince
Show less packages

CVE-2011-0433

Medium priority

Some fixes available 7 of 11

Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute...

2 affected packages

evince, t1lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evince
t1lib
Show less packages

CVE-2010-2643

Medium priority

Some fixes available 4 of 5

Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

1 affected packages

evince

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evince
Show less packages

CVE-2010-2642

Medium priority

Some fixes available 9 of 13

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application...

2 affected packages

evince, t1lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evince
t1lib
Show less packages