Attacker Value
Low
CVE-2017-1000083
Attacker Value
Low
(1 user assessed)
Exploitability
Moderate
(1 user assessed)User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
CVE-2017-1000083
(Last updated November 26, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Metasploit Module
Description
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a “—” command-line option substring, as demonstrated by a —checkpoint-action=exec=bash at the beginning of the filename.
Add Assessment
3
Technical Analysis
Does rely on a user to download and open an injected .cbt file with a vulnerable version of Evince (though the preview functionality of file manager software might trigger the injection without requiring the user to expressly open the file).
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown
General Information
Vendors
- debian,
- gnome,
- redhat
Products
- debian linux 8.0,
- debian linux 9.0,
- enterprise linux desktop 7.0,
- enterprise linux server 7.0,
- enterprise linux server 7.4,
- enterprise linux server 7.5,
- enterprise linux server 7.6,
- enterprise linux server aus 7.4,
- enterprise linux server aus 7.6,
- enterprise linux server eus 7.4,
- enterprise linux server eus 7.5,
- enterprise linux server eus 7.6,
- enterprise linux server tus 7.4,
- enterprise linux server tus 7.6,
- enterprise linux workstation 7.0,
- evince
Metasploit Modules
References
