Home / mailings [USN-8295-1] Evince vulnerability
Posted on 22 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8295-1
May 22, 2026
evince vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Evince could be made to run programs as your login if it opened a
specially crafted file.
Software Description:
- evince: Document viewer
Details:
It was discovered that Evince did not properly sanitize command-line
arguments in PDF /GoToR actions. If a user opened a specially crafted PDF
file, an attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
evince 49~alpha-2ubuntu2.1
evince-common 49~alpha-2ubuntu2.1
Ubuntu 25.10
evince 48.1-3ubuntu2.1
evince-common 48.1-3ubuntu2.1
Ubuntu 24.04 LTS
evince 46.3.1-0ubuntu1.1
evince-common 46.3.1-0ubuntu1.1
Ubuntu 22.04 LTS
evince 42.3-0ubuntu3.2
evince-common 42.3-0ubuntu3.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8295-1
CVE-2026-46529
Package Information:
https://launchpad.net/ubuntu/+source/evince/49~alpha-2ubuntu2.1
https://launchpad.net/ubuntu/+source/evince/48.1-3ubuntu2.1
https://launchpad.net/ubuntu/+source/evince/46.3.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/evince/42.3-0ubuntu3.2
--===============6477737349669844639==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
