← back
CVE-2017-1000083

CVE-2017-1000083

EPSS 50.8%
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 50.8%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
13 Jul 2017Metasploit module available
05 Sep 2017Published on NVD
30 Oct 2018Public PoC
Weaponization speed
420 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.