[ASA-202003-10] okular: arbitrary command execution
rgacogne at archlinux.org
Mon Mar 16 16:28:01 UTC 2020
Arch Linux Security Advisory ASA-202003-10
Date : 2020-03-13
CVE-ID : CVE-2020-9359
Package : okular
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1113
The package okular before version 19.12.3-3 is vulnerable to arbitrary
Upgrade to 19.12.3-3.
# pacman -Syu "okular>=19.12.3-3"
The problem has been fixed upstream but no release is available yet.
A security issue has been found in Okular before 1.10.0, which can be
tricked into executing local binaries via specially crafted PDF files.
This binary execution can require almost no user interaction. No
parameters can be passed to those local binaries.
A remote attacker can execute an arbitrary command by tricking a local
user into opening a specially crafted PDF document.