
Ubuntu Evince Critical Command Injection Vulnerability USN-8295-1

ubuntu
May 22, 2026
Evince allows arbitrary code execution via specially crafted PDFs. Update your Ubuntu systems immediately to mitigate risks.

Summary

Evince could be made to run programs as your login if it opened a
specially crafted file.

Software Description:

- evince: Document viewer

Details:

It was discovered that Evince did not properly sanitize command-line
arguments in PDF /GoToR actions. If a user opened a specially crafted PDF
file, an attacker could possibly use this issue to execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  evince                          49~alpha-2ubuntu2.1
  evince-common                   49~alpha-2ubuntu2.1

Ubuntu 25.10
  evince                          48.1-3ubuntu2.1
  evince-common                   48.1-3ubuntu2.1

Ubuntu 24.04 LTS
  evince                          46.3.1-0ubuntu1.1
  evince-common                   46.3.1-0ubuntu1.1

Ubuntu 22.04 LTS
  evince                          42.3-0ubuntu3.2
  evince-common                   42.3-0ubuntu3.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8295-1

CVE-2026-46529

Severity
critical
