CVE-2017-1000159

Impact:
Moderate
Public Date:
2017-07-14
CWE:
CWE-77
Bugzilla:
1521210: CVE-2017-1000159 evince: Command injection when exporting to PDF

The MITRE CVE dictionary describes this issue as:

Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.

Find out more about CVE-2017-1000159 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of evince as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 evince Will not fix
Red Hat Enterprise Linux 6 evince Will not fix
Red Hat Enterprise Linux 5 evince Not affected

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.