A logic error in Okular might allow an attacker to execute arbitrary code.
|Package||kde-apps/okular on all architectures|
|Affected versions||< 19.12.3-r1|
|Unaffected versions||>= 19.12.3-r1|
Okular is a universal document viewer based on KPDF.
A logic error was discovered in Okular, which results in trusting action links within a PDF, possibly allowing execution of a binary.
A remote attacker could entice a user to open a specially crafted PDF using Okular, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
Avoid opening PDFs from an untrusted source.
All Okular users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-apps/okular-19.12.3-r1"
July 27, 2020
July 27, 2020: 1