Remote Code Execution Vulnerability in GNOME Evince PDF Viewer
CVE-2017-1000083

7.8HIGH

Key Information:

Vendor
Gnome
Status
Evince
Vendor
CVE Published:
5 September 2017

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 78%

Summary

A vulnerability exists in the backend/comics/comics-document.c of GNOME Evince versions prior to 3.24.1 that allows remote attackers to execute arbitrary commands. This can be exploited by crafting a .cbt file, which is essentially a TAR archive containing a filename with a leading '--' command-line option substring. For instance, a filename like '--checkpoint-action=exec=bash' can trigger this vulnerability, granting an attacker control over the affected system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2017-1000083
Created by Rapid7

evince-cve-2017-1000083
Created by matlink

cve-2017-1000083-atril-nautilus
Created by matlink

References

https://www.exploit-db.com/exploits/46341/
exploitx_refsource_EXPLOIT-DB
http://seclists.org/oss-sec/2017/q3/128
x_refsource_MISC
https://github.com/GNOME/evince/commit/717df38fd8509bf883...
x_refsource_MISC

EPSS Score

78% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.