| Package | evince |
|---|---|
| Version | 3.22.1-3+deb9u3 (stretch) |
| Related CVEs | CVE-2023-51698 |
A security vulnerability was found in Evince, a document viewer, which may grant an attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT (comic book archive) document which is a TAR archive. The comic book backend of Evince uses libarchive now, which handles CBT and other comic book archives correctly.
For Debian 9 stretch, these problems have been fixed in version 3.22.1-3+deb9u3.
We recommend that you upgrade your evince packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.