Atril

Evince and Atril: opening a PDF can run arbitrary code on Linux

Evince and Atril have an argument injection bug in ev_spawn(). Opening a crafted PDF on GNOME or MATE runs arbitrary code. No patch — avoid untrusted PDFs.