
Atril on Debian: opening a malicious PDF could run commands (DSA-6349-1)

Opening a PDF is the kind of thing nobody treats as risky. That’s exactly why a command injection in a document viewer is so awkward: double-click the wrong file, click a couple of links inside it, and the attacker runs code in your session. That’s what Debian patches with advisory DSA-6349-1 for Atril, the default PDF viewer on the MATE desktop.

What goes wrong

The flaw sits in the ev_spawn function inside shell/ev-application.c. The function launches processes from data taken out of the document, but it never applied g_shell_quote to the link-destination fields of the PDF. Since whoever creates the file controls those fields, a crafted PDF can slip arbitrary arguments into the command line Atril runs. The vulnerability is tracked as CVE-2026-46529 and brings together a few classic weaknesses: command injection (CWE-77), argument injection (CWE-88), and inclusion from an untrusted control sphere (CWE-829).

The part that makes it serious is how it gets weaponized. The attacker builds a polyglot file that is valid as both a PDF and an ELF shared library at the same time. When the victim clicks a link in the document, Atril ends up loading that same file as a GTK module, and the attacker’s code runs from there. No sophisticated exploit chain, no memory-corruption bug needed. The user’s trust in opening a PDF they were sent is enough.

One detail worth keeping in mind: this flaw belongs to the same family as CVE-2023-51698, but through a different code path that earlier patches missed. It isn’t the first time ev_spawn has caused trouble.
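As an added illustration (not code from Atril, GLib or the advisory), the following C program shows what the missing quoting changes: a link destination pasted raw into a command line splits into extra argv entries, while the same value passed through g_shell_quote-style quoting stays a single argument. The shell_quote and count_words helpers are small stand-ins written for this example so it builds without GLib; they follow g_shell_quote's documented rule but are not its implementation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for GLib's g_shell_quote (assumption: same documented rule,
 * wrap in single quotes, write an embedded ' as '\'' ). Caller frees. */
char *shell_quote(const char *s) {
    size_t n = strlen(s), extra = 0;
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\'') extra += 3;
    char *out = malloc(n + extra + 3), *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\'') { memcpy(p, "'\\''", 4); p += 4; }
        else *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Minimal POSIX-style word counter: spaces separate words, single quotes
 * group, backslash keeps the next character literal outside quotes. */
int count_words(const char *cmd) {
    int words = 0, in_word = 0, in_quote = 0;
    for (const char *c = cmd; *c; c++) {
        if (*c == ' ' && !in_quote) { in_word = 0; continue; }
        if (*c == '\\' && !in_quote && c[1]) c++;
        else if (*c == '\'') in_quote = !in_quote;
        if (!in_word) { in_word = 1; words++; }
    }
    return words;
}

/* Build "viewer <dest>" the vulnerable way (raw concatenation, as the
 * unpatched ev_spawn did) or the fixed way (quoted), and return how many
 * argv entries the resulting command line would split into. */
int argv_count_for(const char *dest, int quoted) {
    char *d = quoted ? shell_quote(dest) : strcpy(malloc(strlen(dest) + 1), dest);
    size_t len = strlen(d) + sizeof("viewer ");
    char *cmd = malloc(len);
    snprintf(cmd, len, "viewer %s", d);
    int n = count_words(cmd);
    free(cmd);
    free(d);
    return n;
}

int main(void) {
    /* Constructed link destination: a space followed by a flag-like token. */
    const char *dest = "report.pdf --extra-arg";
    printf("unquoted: %d argv entries, quoted: %d argv entries\n",
           argv_count_for(dest, 0), argv_count_for(dest, 1));
    return 0;
}
```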

Who is affected, and how badly

It hits any install running a vulnerable Atril. Upstream, the issue affects versions before 1.26.3 and the 1.27.0 through 1.28.3 branch. The CVSS v4.0 score is 8.4 (HIGH), with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. The vector is local and requires user interaction (hence the “one click”), but the impact on confidentiality, integrity, and availability is high. In plain terms: if someone runs MATE and opens PDFs that arrive by email or download, they are in the risk zone.

Mitigation and patch

The answer is straightforward: update. Debian published the advisory on 17 June 2026 and fixed it in stable Trixie (Debian 13) with version 1.26.2-4+deb13u1, and in Bookworm (Debian 12) with 1.26.0-2+deb12u4. If security updates are enabled, applying what’s pending is the simplest route:

sudo apt update
sudo apt install --only-upgrade atril

Until the patch reaches other systems, the usual caution still holds: don’t open PDFs from unknown sources, and if you have to work with suspicious documents, do it in a different viewer or an isolated environment. It’s also worth checking whether other MATE-based distros have already backported the fix.

For more context on the distribution, see the Debian page with its support policy and branches.
