Linuxsecurity
Critical Evince Command Injection Vulnerability Discovered in Ubuntu
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical vulnerability has been identified in Evince, the document viewer for Ubuntu, which could allow attackers to execute arbitrary code by opening a specially crafted PDF file. This issue arises from improper sanitization of command-line arguments in PDF /GoToR actions. Affected versions include Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. Users are advised to update their systems to the latest package versions to mitigate the risk. The vulnerability poses a significant threat as it could lead to unauthorized program execution under the user's login. A standard system update will apply the necessary fixes. The issue was disclosed in Ubuntu Security Notice USN-8295-1, published on May 22, 2026.
Key Points: • Evince vulnerability allows arbitrary code execution via specially crafted PDF files. • Affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. • Users should update their systems immediately to mitigate the risk.