Single-Click Code Execution Exploit for Evince, Atril, and Xreader

blogs.gnome.org

cross-posted to:
linux@lemmy.ml

Single-Click Code Execution Exploit for Evince, Atril, and Xreader

blogs.gnome.org

cm0002@infosec.pub to

Linux@programming.dev · 30 days ago

cross-posted to:
linux@lemmy.ml

CVE-2026-46529 is an argument injection vulnerability in Evince, Atril, and Xreader caused by missing shell quoting when composing a command line. The reporter, João Medeiros, has published a GitHub repo for the CVE and a blog post with the story of how he discovered the flaw and developed the exploit. He also created an Atril...

You must log in or # to comment.

Chat

Linux@programming.dev

linux@programming.dev

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !linux@programming.dev

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

207 users / day
1.86K users / week
3.45K users / month
7.55K users / 6 months
1 local subscriber
14K subscribers
1.16K Posts
6.86K Comments
Modlog