| Package | evince |
|---|---|
| Version | 3.22.1-3+deb9u4 (stretch), 3.30.2-3+deb10u2 (buster) |
| Related CVEs | CVE-2026-46529 |
It was discovered that evince, a simple multi-page document viewer, is prone to a command injection vulnerability if a specially crafted PDF file is opened.
For Debian 10 buster, these problems have been fixed in version 3.30.2-3+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 3.22.1-3+deb9u4.
We recommend that you upgrade your evince packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.