{"id":"ALSA-2026:28998","summary":"Important: evince security update","details":"The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.  \n\nSecurity Fix(es):  \n\n  * atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen (CVE-2026-46529)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-06-25T14:00:04.873263511Z","published":"2026-06-24T00:00:00Z","related":["CVE-2026-46529"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:28998"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-46529"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2487669"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2026-28998.html"}],"affected":[{"package":{"name":"evince","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/evince"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.4-17.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:28998.json"}},{"package":{"name":"evince-browser-plugin","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/evince-browser-plugin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.4-17.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:28998.json"}},{"package":{"name":"evince-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/evince-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.4-17.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:28998.json"}},{"package":{"name":"evince-libs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/evince-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.4-17.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:28998.json"}},{"package":{"name":"evince-nautilus","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/evince-nautilus"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.4-17.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:28998.json"}}],"schema_version":"1.7.5"}