{"id":"CVE-2017-1000083","details":"backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.","modified":"2026-04-16T01:38:19.196643648Z","published":"2017-09-05T06:29:00.180Z","related":["SUSE-SU-2017:1893-1","SUSE-SU-2017:1894-1","SUSE-SU-2017:2390-1","SUSE-SU-2017:3428-1","openSUSE-SU-2024:10742-1"],"references":[{"type":"ADVISORY","url":"http://seclists.org/oss-sec/2017/q3/128"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3911"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99597"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2388"},{"type":"ADVISORY","url":"https://bugzilla.gnome.org/show_bug.cgi?id=784630"},{"type":"ADVISORY","url":"https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/45824/"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/46341/"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=784630"},{"type":"REPORT","url":"https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"},{"type":"FIX","url":"https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee"},{"type":"ARTICLE","url":"http://seclists.org/oss-sec/2017/q3/128"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45824/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46341/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/evince","events":[{"introduced":"0"},{"fixed":"717df38fd8509bf883b70d680c9b1b3cf36732ee"}]}],"versions":["3.1.2","3.1.90","3.1.90.1","3.10.0","3.11.1","3.11.3","3.11.90","3.11.92","3.13.3","3.13.3.1","3.13.90","3.13.91","3.13.92","3.14.0","3.14.1","3.15.4","3.15.90","3.15.92","3.16.0","3.17.1","3.17.2","3.17.3","3.17.4","3.17.92","3.18.0","3.19.92","3.2.0","3.2.1","3.20.0","3.21.3","3.21.4","3.21.92","3.22.0","3.24.0","3.3.2","3.3.3","3.3.3.1","3.3.4","3.3.5","3.3.90","3.3.92","3.4.0","3.5.2","3.5.3","3.5.4","3.5.5","3.5.90","3.5.92","3.6.0","3.7.1","3.7.4","3.7.5","3.7.90","3.7.92","3.8.0","3.9.2","3.9.3","3.9.4","3.9.5","3.9.90","BEFORE_GNOME_PRINT","BEFORE_NEW_UI_HANDLER_1","BEFORE_XPDF_3_MERGE","BONOBO_BEFORE_API_RENAME","ChangeLog","EAZEL-NAUTILUS-MS-AUG07","EAZEL-NAUTILUS-MS-JULY_5","EVINCE_0_1_0","EVINCE_0_1_1","EVINCE_0_1_3","EVINCE_0_1_4","EVINCE_0_1_5","EVINCE_0_1_6","EVINCE_0_1_7","EVINCE_0_1_8","EVINCE_0_1_9","EVINCE_0_2_0","EVINCE_0_2_1","EVINCE_0_3_0","EVINCE_0_3_1","EVINCE_0_3_3","EVINCE_0_4_0","EVINCE_0_5_0","EVINCE_0_5_1","EVINCE_0_5_2","EVINCE_0_5_3","EVINCE_0_5_4","EVINCE_0_5_5","EVINCE_0_6_0","EVINCE_0_6_1","EVINCE_0_7_0","EVINCE_0_7_1","EVINCE_0_7_2","EVINCE_0_8_0","EVINCE_0_8_1","EVINCE_0_9_0","EVINCE_0_9_1","EVINCE_0_9_2","EVINCE_0_9_3","EVINCE_2_19_4","EVINCE_2_19_92","EVINCE_2_20_0","EVINCE_2_21_1","EVINCE_2_21_90","EVINCE_2_21_91","EVINCE_2_22_0","EVINCE_2_22_1","EVINCE_2_22_1_1","EVINCE_2_23_4","EVINCE_2_23_5","EVINCE_2_23_91","EVINCE_2_23_92","EVINCE_2_24_0","EVINCE_2_24_1","EVINCE_2_25_1","EVINCE_2_25_2","EVINCE_2_25_4","EVINCE_2_25_5","EVINCE_2_25_90","EVINCE_2_25_91","EVINCE_2_25_92","EVINCE_2_26_0","EVINCE_2_27_1","EVINCE_2_27_3","EVINCE_2_27_4","EVINCE_2_27_90","EVINCE_2_29_1","EVINCE_2_29_2","EVINCE_2_29_3","EVINCE_2_29_4","EVINCE_2_29_5","EVINCE_2_29_91","EVINCE_2_29_92","EVINCE_2_30_0","EVINCE_2_31_1","EVINCE_2_31_2","EVINCE_2_31_3","EVINCE_2_31_4","EVINCE_2_31_4_1","EVINCE_2_31_5","EVINCE_2_31_6","EVINCE_2_31_6_1","EVINCE_2_31_90","EVINCE_2_91_0","EVINCE_2_91_1","EVINCE_2_91_2","EVINCE_2_91_3","EVINCE_2_91_4","EVINCE_2_91_5","EVINCE_2_91_6","EVINCE_2_91_90","EVINCE_2_91_92","EVINCE_2_91_93","EVINCE_3_0_0","GNOME_2_12_BRANCHPOINT","GNOME_2_14_BRANCHPOINT","GNOME_2_16_BRANCHPOINT","GNOME_2_4_ANCHOR","GNOME_2_6_ANCHOR","GNOME_2_8_ANCHOR","GPDF_0_100","GPDF_0_101","GPDF_0_102","GPDF_0_103","GPDF_0_104","GPDF_0_105","GPDF_0_106","GPDF_0_110","GPDF_0_111","GPDF_0_112","GPDF_0_112_1","GPDF_0_120","GPDF_0_121","GPDF_0_122","GPDF_0_123","GPDF_0_124","GPDF_0_125","GPDF_0_130","GPDF_0_131","GPDF_2_7_1","GPDF_2_7_2","GPDF_2_7_90","GPDF_2_7_91","GPDF_2_8_0","GPDF_2_8_1","GPDF_2_9_1","GPDF_FOR_GNOME_1_4","GPDF_MODES_ANCHOR","GPDF_OUTLINES_ANCHOR","XPDF_0_80","XPDF_1_01","XPDF_2_00","XPDF_2_01","XPDF_2_02","XPDF_2_03","XPDF_3_00","nautilus_ms_may_31","start"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000083.json","vanir_signatures":[{"id":"CVE-2017-1000083-c89e54ba","signature_type":"Line","deprecated":false,"signature_version":"v1","target":{"file":"backend/comics/comics-document.c"},"source":"https://github.com/gnome/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee","digest":{"line_hashes":["312714457583944376731696902602294371095","223519308804062957417558195174503856299","15115829524421923855743863704255446665","203989038243344374161874700801576876651","199139336508490038052339496376934560324","84508328176133598733095760490162092720","191648451016349326789664216788450253749","288885710363713819221004200109588801118","246830350622649135029133417643349227754","20864526219010679848939170731710440955","287721152332752511446227246224567851434","235146299436314475509972971875413242830","182316241376125787055295620228860873085","44078162779131897542881645397433884730","303860866650923508708659860043259371754","115191749061635065561427485398467233030","142689449909290656529817320741779089114","110661981884973136622993422486274563568","186613414048512997444801068377529859934","287721152332752511446227246224567851434","235146299436314475509972971875413242830","182316241376125787055295620228860873085","44078162779131897542881645397433884730","303860866650923508708659860043259371754","18211576225887500099925781195751596886","39938716946911988796185171651467296845","1101906486505059228821278026338499320","186613414048512997444801068377529859934","287721152332752511446227246224567851434","235146299436314475509972971875413242830","182316241376125787055295620228860873085","44078162779131897542881645397433884730","303860866650923508708659860043259371754","329269682528656785589991310285684729355","61360594955506596317451511839038184453","287933047982646234030397127094546843630","159929408998861331852182090404667039942","224106339519722963756298825612476793838","261836499694021177825914310165659031965","335156556252337639266977783420942974976","303860866650923508708659860043259371754","16616284672597501969475611696252392201","287721152332752511446227246224567851434","235146299436314475509972971875413242830","182316241376125787055295620228860873085","44078162779131897542881645397433884730","303860866650923508708659860043259371754","45851823672366929482143294422512487146","272476715189772005769918939417608112968","329530554731410360947728840016293900527"],"threshold":0.9}},{"id":"CVE-2017-1000083-d035625b","source":"https://github.com/gnome/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee","target":{"function":"comics_check_decompress_command","file":"backend/comics/comics-document.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":3031,"function_hash":"103951368039201770788031956160509395816"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}