{"id":"CVE-2017-1000159","details":"Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.","modified":"2026-05-15T06:56:10.344926Z","published":"2017-11-27T15:29:00.243Z","related":["SUSE-SU-2018:0639-1","SUSE-SU-2018:0947-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00006.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2020/Feb/18"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201804-15"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4624"},{"type":"FIX","url":"https://bugzilla.gnome.org/show_bug.cgi?id=784947"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/evince","events":[{"introduced":"0"},{"fixed":"26d63918f38ba114aeca95ca8eb31b94561b6303"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.25.91"}],"cpe":"cpe:2.3:a:gnome:evince:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["3.25.4","3.24.0","3.22.0","3.21.92","3.21.4","3.21.3","3.20.0","3.19.92","3.18.0","3.17.92","3.17.4","3.17.3","3.17.2","3.17.1","3.16.0","3.15.92","3.15.90","3.15.4","3.14.1","3.14.0","3.13.92","3.13.91","3.13.90","3.13.3.1","3.13.3","3.11.92","3.11.90","3.11.3","3.11.1","3.10.0","3.9.90","3.9.5","3.9.4","3.9.3","3.9.2","3.8.0","3.7.92","3.7.90","3.7.5","3.7.4","3.7.1","3.6.0","3.5.92","3.5.90","3.5.5","3.5.4","3.5.3","3.5.2","3.4.0","3.3.92","3.3.90","3.3.5","3.3.4","3.3.3.1","3.3.3","3.3.2","3.2.1","3.2.0","3.1.90.1","3.1.90","3.1.2","EVINCE_3_0_0","EVINCE_2_91_93","EVINCE_2_91_92","EVINCE_2_91_90","EVINCE_2_91_6","EVINCE_2_91_5","EVINCE_2_91_4","EVINCE_2_91_3","EVINCE_2_91_2","EVINCE_2_91_1","EVINCE_2_91_0","EVINCE_2_31_90","EVINCE_2_31_6_1","EVINCE_2_31_6","EVINCE_2_31_5","EVINCE_2_31_4_1","EVINCE_2_31_4","EVINCE_2_31_3","EVINCE_2_31_2","EVINCE_2_31_1","EVINCE_2_30_0","EVINCE_2_29_92","EVINCE_2_29_91","EVINCE_2_29_5","EVINCE_2_29_4","EVINCE_2_29_3","EVINCE_2_29_2","EVINCE_2_29_1","EVINCE_2_27_90","EVINCE_2_27_4","EVINCE_2_27_3","EVINCE_2_27_1","EVINCE_2_26_0","EVINCE_2_25_92","EVINCE_2_25_91","EVINCE_2_25_90","EVINCE_2_25_5","EVINCE_2_25_4","EVINCE_2_25_2","EVINCE_2_25_1","EVINCE_2_24_1","EVINCE_2_24_0","EVINCE_2_23_92","EVINCE_2_23_91","EVINCE_2_23_5","EVINCE_2_23_4","EVINCE_2_22_1_1","EVINCE_2_22_1","EVINCE_2_22_0","EVINCE_2_21_91","EVINCE_2_21_90","EVINCE_2_21_1","EVINCE_2_20_0","EVINCE_2_19_92","EVINCE_2_19_4","EVINCE_0_9_3","EVINCE_0_9_2","EVINCE_0_9_1","EVINCE_0_9_0","EVINCE_0_8_1","EVINCE_0_8_0","EVINCE_0_7_2","EVINCE_0_7_1","EVINCE_0_7_0","GNOME_2_16_BRANCHPOINT","EVINCE_0_6_1","EVINCE_0_6_0","EVINCE_0_5_5","EVINCE_0_5_4","EVINCE_0_5_3","GNOME_2_14_BRANCHPOINT","EVINCE_0_5_2","EVINCE_0_5_1","EVINCE_0_5_0","GNOME_2_12_BRANCHPOINT","EVINCE_0_4_0","EVINCE_0_3_3","EVINCE_0_3_1","EVINCE_0_3_0","EVINCE_0_2_1","EVINCE_0_2_0","EVINCE_0_1_9","EVINCE_0_1_8","EVINCE_0_1_7","EVINCE_0_1_6","EVINCE_0_1_5","EVINCE_0_1_4","EVINCE_0_1_3","EVINCE_0_1_1","EVINCE_0_1_0","start","GPDF_2_9_1","GPDF_2_8_1","GNOME_2_8_ANCHOR","GPDF_2_8_0","GPDF_2_7_91","GPDF_MODES_ANCHOR","GPDF_2_7_90","GPDF_2_7_2","GPDF_2_7_1","XPDF_3_00","XPDF_2_03","BEFORE_XPDF_3_MERGE","GPDF_0_131","GPDF_0_130","GPDF_0_125","GPDF_0_124","GPDF_0_123","GNOME_2_6_ANCHOR","GPDF_0_122","GPDF_0_121","GPDF_0_120","GPDF_0_112_1","GPDF_0_112","GPDF_0_111","GNOME_2_4_ANCHOR","GPDF_0_110","GPDF_0_106","GPDF_0_105","GPDF_OUTLINES_ANCHOR","GPDF_0_104","GPDF_0_103","GPDF_0_102","GPDF_0_101","GPDF_0_100","XPDF_2_02","XPDF_2_01","XPDF_2_00","XPDF_1_01","BEFORE_GNOME_PRINT","GPDF_FOR_GNOME_1_4","BONOBO_BEFORE_API_RENAME","BEFORE_NEW_UI_HANDLER_1","EAZEL-NAUTILUS-MS-AUG07","EAZEL-NAUTILUS-MS-JULY_5","nautilus_ms_may_31","ChangeLog","XPDF_0_80"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000159.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}