A logic error in Okular might allow an attacker to execute arbitrary code.
Package | kde-apps/okular on all architectures |
---|---|
Affected versions | < 19.12.3-r1 |
Unaffected versions | >= 19.12.3-r1 |
Okular is a universal document viewer based on KPDF.
A logic error was discovered in Okular, which results in trusting action links within a PDF, possibly allowing execution of a binary.
A remote attacker could entice a user to open a specially crafted PDF using Okular, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
Avoid opening PDFs from an untrusted source.
All Okular users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-apps/okular-19.12.3-r1"
Release date
July 27, 2020
Latest revision
July 27, 2020: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries