[USN-8295-1] Evince vulnerability

========================================================================== Ubuntu Security Notice USN-8295-1 May 22, 2026 evince vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Evince could be made to run programs as your login if it opened a specially crafted file. Software Description: - evince: Document viewer Details: It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS evince 49~alpha-2ubuntu2.1 evince-common 49~alpha-2ubuntu2.1 Ubuntu 25.10 evince 48.1-3ubuntu2.1 evince-common 48.1-3ubuntu2.1 Ubuntu 24.04 LTS evince 46.3.1-0ubuntu1.1 evince-common 46.3.1-0ubuntu1.1 Ubuntu 22.04 LTS evince 42.3-0ubuntu3.2 evince-common 42.3-0ubuntu3.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8295-1 CVE-2026-46529 Package Information: https://launchpad.net/ubuntu/+source/evince/49~alpha-2ubuntu2.1 https://launchpad.net/ubuntu/+source/evince/48.1-3ubuntu2.1 https://launchpad.net/ubuntu/+source/evince/46.3.1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/evince/42.3-0ubuntu3.2