7.8

CVE-2017-1000083

Exploit
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 50.83% 0.988
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/oss-sec/2017/q3/128
Third Party Advisory
Mailing List
http://www.debian.org/security/2017/dsa-3911
Third Party Advisory
http://www.securityfocus.com/bid/99597
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2388
Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=784630
Third Party Advisory
Issue Tracking
https://github.com/GNOME/evince/commit/717df38fd8509bf883b70d680c9b1b3cf36732ee
Patch
Third Party Advisory
Issue Tracking
https://www.exploit-db.com/exploits/45824/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/46341/
Third Party Advisory
Exploit
VDB Entry