1. Forum
  2. MicroNet
  3. MIN COMP

  • Vulnerabilities in various GTK-based PDF readers

    From LWN.net@618:250/24 to All on Fri May 22 06:45:08 2026
    Michael Catanzaro has disclosed a
    command-injection vulnerability affecting a number of GTK-based PDF
    readers; exploits included:

    They contain a script for building malicious polyglot PDFs that are
    simultaneously both valid PDF files and also valid ELF
    binaries. When the user opens the PDF in the PDF viewer and clicks
    on a malicious link embedded in the PDF, the PDF abuses the command
    injection vulnerability to load itself as a GTK module using the
    `--gtk-module` command line flag. It can then execute arbitrary
    code via its library constructor. That flag was removed in GTK 4,
    which is why the vulnerability is much less serious for Papers than
    it is for Evince, Atril, and Xreader.

    https://lwn.net/Articles/1073944/
    --- SBBSecho 3.37-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)