Okular: Local restricted command execution — GLSA 202007-47

A logic error in Okular might allow an attacker to execute arbitrary code.

Affected packages

kde-apps/okular on all architectures
Affected versions < 19.12.3-r1
Unaffected versions >= 19.12.3-r1

Background

Okular is a universal document viewer based on KPDF.

Description

A logic error was discovered in Okular, which results in trusting action links within a PDF, possibly allowing execution of a binary.

Impact

A remote attacker could entice a user to open a specially crafted PDF using Okular, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

Avoid opening PDFs from an untrusted source.

Resolution

All Okular users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-apps/okular-19.12.3-r1"
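
To check whether a given installed version still falls in the affected range (< 19.12.3-r1), the comparison can be scripted. The following is an added example, not part of the original advisory or of Portage; the function names are hypothetical, and it assumes plain dotted-numeric versions with an optional -rN revision (no _alpha/_p suffixes).

```shell
#!/bin/sh
# Added example: is a kde-apps/okular version inside the affected range
# of GLSA 202007-47 (< 19.12.3-r1)? Function names are hypothetical.
FIXED="19.12.3-r1"   # first unaffected version, taken from the advisory

# Strip leading zeros so a component such as "04" compares as decimal 4.
_dec() {
    n=$1
    while [ "${n#0}" != "$n" ] && [ -n "${n#0}" ]; do n=${n#0}; done
    printf '%s' "$n"
}

# ver_lt A B: exit status 0 if A sorts before B, 1 otherwise.
ver_lt() {
    a_ver=${1%-r*}; b_ver=${2%-r*}
    a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    # Compare the dotted components left to right.
    while [ -n "$a_ver" ] && [ -n "$b_ver" ]; do
        a=${a_ver%%.*}; b=${b_ver%%.*}
        a=$(_dec "${a:-0}"); b=$(_dec "${b:-0}")
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
        case $a_ver in *.*) a_ver=${a_ver#*.} ;; *) a_ver= ;; esac
        case $b_ver in *.*) b_ver=${b_ver#*.} ;; *) b_ver= ;; esac
    done
    # Equal so far: the version with extra components is the newer one.
    [ -z "$a_ver" ] && [ -n "$b_ver" ] && return 0
    [ -n "$a_ver" ] && [ -z "$b_ver" ] && return 1
    # Same base version: the -rN revision decides (no revision means r0).
    [ "$(_dec "$a_rev")" -lt "$(_dec "$b_rev")" ]
}

# okular_is_affected VERSION: 0 = affected, 1 = not affected,
# 2 = version string outside the simplified grammar assumed here.
okular_is_affected() {
    case $1 in
        ''|*[!0-9.r-]*) return 2 ;;
    esac
    ver_lt "$1" "$FIXED"
}
```

Note that 19.12.3 without a revision is still affected; only 19.12.3-r1 and later carry the fix.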
 

References

Release date
July 27, 2020

Latest revision
July 27, 2020: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries