Critical Evince Command Injection Vulnerability Discovered in Ubuntu

Critical Evince Command Injection Vulnerability Discovered in Ubuntu

First seen 22 May 2026, 20:40 UTC UbuntuLinuxsecurity 90% similarity 72.0

Article Content

Browse articles
ThreatCluster

A critical vulnerability has been identified in Evince, the document viewer for Ubuntu, which could allow attackers to execute arbitrary code by opening a specially crafted PDF file. This issue arises from improper sanitization of command-line arguments in PDF /GoToR actions. Affected versions include Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. Users are advised to update their systems to the latest package versions to mitigate the risk. The vulnerability poses a significant threat as it could lead to unauthorized program execution under the user's login. A standard system update will apply the necessary fixes. The issue was disclosed in Ubuntu Security Notice USN-8295-1, published on May 22, 2026.

Key Points: • Evince vulnerability allows arbitrary code execution via specially crafted PDF files. • Affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. • Users should update their systems immediately to mitigate the risk.

ThreatCluster AI

Timeline

2026-05-22
Evince vulnerability disclosed
Ubuntu Security Notice USN-8295-1 announced a critical command injection vulnerability in Evince affecting multiple Ubuntu versions.
Ubuntu
2026-05-22
Linuxsecurity reports on vulnerability
Linuxsecurity published details on the Evince vulnerability, confirming its impact on various Ubuntu releases.
Linuxsecurity

Community

Browse all →