{"id":"UBUNTU-CVE-2026-46529","details":"PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen","modified":"2026-05-27T15:44:16.888764152Z","published":"2026-05-20T00:00:00Z","related":["USN-8295-1","USN-8321-1"],"upstream":["CVE-2026-46529"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-46529"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2026-46529"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2026/05/19/34"},{"type":"REPORT","url":"https://medeiros.zip/posts/CVE-2026-46529-evince"},{"type":"REPORT","url":"https://blogs.gnome.org/mcatanzaro/2026/05/21/single-click-code-execution-exploit-for-evince-atril-and-xreader/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8295-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8321-1"}],"affected":[{"package":{"name":"evince","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/evince?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.16.1-0ubuntu1","3.18.1-1ubuntu1","3.18.1-1ubuntu2","3.18.2-1ubuntu1","3.18.2-1ubuntu2","3.18.2-1ubuntu3","3.18.2-1ubuntu4","3.18.2-1ubuntu4.1","3.18.2-1ubuntu4.2","3.18.2-1ubuntu4.3","3.18.2-1ubuntu4.4","3.18.2-1ubuntu4.5","3.18.2-1ubuntu4.6"],"ecosystem_specific":{"binaries":[{"binary_version":"3.18.2-1ubuntu4.6","binary_name":"evince"},{"binary_version":"3.18.2-1ubuntu4.6","binary_name":"evince-common"},{"binary_version":"3.18.2-1ubuntu4.6","binary_name":"evince-gtk"},{"binary_version":"3.18.2-1ubuntu4.6","binary_name":"gir1.2-evince-3.0"},{"binary_version":"3.18.2-1ubuntu4.6","binary_name":"libevdocument3-4"},{"binary_version":"3.18.2-1ubuntu4.6","binary_name":"libevview3-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"atril","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/atril?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.10.2+repack1-1","1.12.2-1","1.12.2-1ubuntu0.1","1.12.2-1ubuntu0.2","1.12.2-1ubuntu0.3","1.12.2-1ubuntu0.3+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.12.2-1ubuntu0.3+esm1","binary_name":"atril"},{"binary_version":"1.12.2-1ubuntu0.3+esm1","binary_name":"atril-common"},{"binary_version":"1.12.2-1ubuntu0.3+esm1","binary_name":"gir1.2-atril"},{"binary_version":"1.12.2-1ubuntu0.3+esm1","binary_name":"libatrildocument3"},{"binary_version":"1.12.2-1ubuntu0.3+esm1","binary_name":"libatrilview3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"evince","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/evince?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.26.0-1","3.26.0-2","3.26.0-3","3.27.91-1","3.27.92-1","3.28.0-1","3.28.2-1","3.28.4-0ubuntu1","3.28.4-0ubuntu1.1","3.28.4-0ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.28.4-0ubuntu1.2","binary_name":"browser-plugin-evince"},{"binary_version":"3.28.4-0ubuntu1.2","binary_name":"evince"},{"binary_version":"3.28.4-0ubuntu1.2","binary_name":"evince-common"},{"binary_version":"3.28.4-0ubuntu1.2","binary_name":"gir1.2-evince-3.0"},{"binary_version":"3.28.4-0ubuntu1.2","binary_name":"libevdocument3-4"},{"binary_version":"3.28.4-0ubuntu1.2","binary_name":"libevview3-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"atril","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/atril?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.18.1-1","1.18.3-1","1.19.6-0ubuntu1","1.20.0-0ubuntu1","1.20.1-0ubuntu1","1.20.1-1","1.20.1-2ubuntu1","1.20.1-2ubuntu2","1.20.1-2ubuntu2+esm1","1.20.1-2ubuntu2+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.20.1-2ubuntu2+esm2","binary_name":"atril"},{"binary_version":"1.20.1-2ubuntu2+esm2","binary_name":"atril-common"},{"binary_version":"1.20.1-2ubuntu2+esm2","binary_name":"gir1.2-atril"},{"binary_version":"1.20.1-2ubuntu2+esm2","binary_name":"gir1.2-atrildocument-1.5.0"},{"binary_version":"1.20.1-2ubuntu2+esm2","binary_name":"gir1.2-atrilview-1.5.0"},{"binary_version":"1.20.1-2ubuntu2+esm2","binary_name":"libatrildocument3"},{"binary_version":"1.20.1-2ubuntu2+esm2","binary_name":"libatrilview3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"evince","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/evince?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.34.1-1","3.34.1-1build1","3.35.1-1","3.35.1-1build1","3.35.92-1","3.36.0-1","3.36.0-2","3.36.5-0ubuntu1","3.36.7-0ubuntu1","3.36.10-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.36.10-0ubuntu1","binary_name":"evince"},{"binary_version":"3.36.10-0ubuntu1","binary_name":"evince-common"},{"binary_version":"3.36.10-0ubuntu1","binary_name":"gir1.2-evince-3.0"},{"binary_version":"3.36.10-0ubuntu1","binary_name":"libevdocument3-4"},{"binary_version":"3.36.10-0ubuntu1","binary_name":"libevview3-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"atril","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/atril?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.22.2-0ubuntu1","1.24.0-0ubuntu1","1.24.0-1","1.24.0-1ubuntu0.1","1.24.0-1ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.24.0-1ubuntu0.2","binary_name":"atril"},{"binary_version":"1.24.0-1ubuntu0.2","binary_name":"atril-common"},{"binary_version":"1.24.0-1ubuntu0.2","binary_name":"gir1.2-atril"},{"binary_version":"1.24.0-1ubuntu0.2","binary_name":"gir1.2-atrildocument-1.5.0"},{"binary_version":"1.24.0-1ubuntu0.2","binary_name":"gir1.2-atrilview-1.5.0"},{"binary_version":"1.24.0-1ubuntu0.2","binary_name":"libatrildocument3"},{"binary_version":"1.24.0-1ubuntu0.2","binary_name":"libatrilview3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"atril","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/atril?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.26.0-0ubuntu1","1.26.0-1ubuntu1","1.26.0-1ubuntu1.1","1.26.0-1ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.26.0-1ubuntu1.2","binary_name":"atril"},{"binary_version":"1.26.0-1ubuntu1.2","binary_name":"atril-common"},{"binary_version":"1.26.0-1ubuntu1.2","binary_name":"gir1.2-atrildocument-1.5.0"},{"binary_version":"1.26.0-1ubuntu1.2","binary_name":"gir1.2-atrilview-1.5.0"},{"binary_version":"1.26.0-1ubuntu1.2","binary_name":"libatrildocument3"},{"binary_version":"1.26.0-1ubuntu1.2","binary_name":"libatrilview3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"evince","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/evince?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"42.3-0ubuntu3.2"}]}],"versions":["40.4-2","41.2-1","41.3-1","41.3-2","41.3-3","42~rc-1","42.0-1","42.1-1","42.1-2","42.1-3","42.3-0ubuntu1","42.3-0ubuntu2","42.3-0ubuntu3","42.3-0ubuntu3.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"42.3-0ubuntu3.2","binary_name":"evince"},{"binary_version":"42.3-0ubuntu3.2","binary_name":"evince-common"},{"binary_version":"42.3-0ubuntu3.2","binary_name":"gir1.2-evince-3.0"},{"binary_version":"42.3-0ubuntu3.2","binary_name":"libevdocument3-4"},{"binary_version":"42.3-0ubuntu3.2","binary_name":"libevview3-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"atril","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/atril?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.26.0-2fakesync1","1.26.1-1","1.26.1-3","1.26.1-4","1.26.2-1","1.26.2-1.1build3","1.26.2-3build1","1.26.2-3build2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.26.2-3build2","binary_name":"atril"},{"binary_version":"1.26.2-3build2","binary_name":"atril-common"},{"binary_version":"1.26.2-3build2","binary_name":"gir1.2-atrildocument-1.5.0"},{"binary_version":"1.26.2-3build2","binary_name":"gir1.2-atrilview-1.5.0"},{"binary_version":"1.26.2-3build2","binary_name":"libatrildocument3t64"},{"binary_version":"1.26.2-3build2","binary_name":"libatrilview3t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"evince","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/evince?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"46.3.1-0ubuntu1.1"}]}],"versions":["45.0-1","46.0-1","46.0-1build1","46.3.1-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"46.3.1-0ubuntu1.1","binary_name":"evince"},{"binary_version":"46.3.1-0ubuntu1.1","binary_name":"evince-common"},{"binary_version":"46.3.1-0ubuntu1.1","binary_name":"gir1.2-evince-3.0"},{"binary_version":"46.3.1-0ubuntu1.1","binary_name":"libevdocument3-4t64"},{"binary_version":"46.3.1-0ubuntu1.1","binary_name":"libevview3-3t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"atril","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/atril?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.26.2-4","1.26.2-4build1","1.26.2-5"],"ecosystem_specific":{"binaries":[{"binary_version":"1.26.2-5","binary_name":"atril"},{"binary_version":"1.26.2-5","binary_name":"atril-common"},{"binary_version":"1.26.2-5","binary_name":"gir1.2-atrildocument-1.5.0"},{"binary_version":"1.26.2-5","binary_name":"gir1.2-atrilview-1.5.0"},{"binary_version":"1.26.2-5","binary_name":"libatrildocument3t64"},{"binary_version":"1.26.2-5","binary_name":"libatrilview3t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"evince","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/evince?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"48.1-3ubuntu2.1"}]}],"versions":["48.0-1ubuntu1","48.0-1ubuntu2","48.1-3ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"48.1-3ubuntu2.1","binary_name":"evince"},{"binary_version":"48.1-3ubuntu2.1","binary_name":"evince-common"},{"binary_version":"48.1-3ubuntu2.1","binary_name":"gir1.2-evince-3.0"},{"binary_version":"48.1-3ubuntu2.1","binary_name":"libevdocument3-4t64"},{"binary_version":"48.1-3ubuntu2.1","binary_name":"libevview3-3t64"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"papers","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/papers?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"48.0-1ubuntu1.25.10.4"}]}],"versions":["48.0-1ubuntu1","48.0-1ubuntu1.25.10.1","48.0-1ubuntu1.25.10.2","48.0-1ubuntu1.25.10.3"],"ecosystem_specific":{"binaries":[{"binary_version":"48.0-1ubuntu1.25.10.4","binary_name":"gir1.2-papers-4.0"},{"binary_version":"48.0-1ubuntu1.25.10.4","binary_name":"libppsdocument-4.0-5"},{"binary_version":"48.0-1ubuntu1.25.10.4","binary_name":"libppsview-4.0-4"},{"binary_version":"48.0-1ubuntu1.25.10.4","binary_name":"papers"},{"binary_version":"48.0-1ubuntu1.25.10.4","binary_name":"papers-common"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"atril","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/atril?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.26.2-5","1.28.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.28.2-1","binary_name":"atril"},{"binary_version":"1.28.2-1","binary_name":"atril-common"},{"binary_version":"1.28.2-1","binary_name":"gir1.2-atrildocument-1.5.0"},{"binary_version":"1.28.2-1","binary_name":"gir1.2-atrilview-1.5.0"},{"binary_version":"1.28.2-1","binary_name":"libatrildocument3t64"},{"binary_version":"1.28.2-1","binary_name":"libatrilview3t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"evince","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/evince?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"49~alpha-2ubuntu2.1"}]}],"versions":["48.1-3ubuntu2","49~alpha-2","49~alpha-2ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"49~alpha-2ubuntu2.1","binary_name":"evince"},{"binary_version":"49~alpha-2ubuntu2.1","binary_name":"evince-common"},{"binary_version":"49~alpha-2ubuntu2.1","binary_name":"gir1.2-evince-4.0"},{"binary_version":"49~alpha-2ubuntu2.1","binary_name":"libevdocument-4.0-6"},{"binary_version":"49~alpha-2ubuntu2.1","binary_name":"libevview-4.0-5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"evince-gtk3","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/evince-gtk3?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["48.1+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"48.1+dfsg-1build1","binary_name":"gir1.2-evince-3.0"},{"binary_version":"48.1+dfsg-1build1","binary_name":"libevdocument3-4t64"},{"binary_version":"48.1+dfsg-1build1","binary_name":"libevview3-3t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}},{"package":{"name":"papers","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/papers?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"50.1-0ubuntu1.1"}]}],"versions":["48.0-1ubuntu1","49.1-1ubuntu1","49.2-1ubuntu1","49.2-3ubuntu1","50~beta-0ubuntu2","50.0-0ubuntu1","50.0-0ubuntu2","50.1-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"50.1-0ubuntu1.1","binary_name":"gir1.2-papers-4.0"},{"binary_version":"50.1-0ubuntu1.1","binary_name":"libppsdocument-4.0-6"},{"binary_version":"50.1-0ubuntu1.1","binary_name":"libppsview-4.0-5"},{"binary_version":"50.1-0ubuntu1.1","binary_name":"papers"},{"binary_version":"50.1-0ubuntu1.1","binary_name":"papers-common"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46529.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}