CVE-2026-46529 · cross-distro fix matrix

CVE-2026-46529: It was discovered that Evince did not properly sanitize command-line

Affects 8 Linux releases across 44 (distro × package) combinations. First disclosed: 2026-05-22.

Fix per ecosystem

Each block below is a distro release where CVE-2026-46529 has a known fix. Run the listed command on that distro to remediate.

Ubuntu jammy

Source: Ubuntu USN

evince→ fixed in42.3-0ubuntu3.2USN-8295-1

sudo apt-get install --only-upgrade -y evince

evince-common→ fixed in42.3-0ubuntu3.2USN-8295-1

sudo apt-get install --only-upgrade -y evince-common

gir1.2-evince-3.0→ fixed in42.3-0ubuntu3.2USN-8295-1

sudo apt-get install --only-upgrade -y gir1.2-evince-3.0

libevdocument3-4→ fixed in42.3-0ubuntu3.2USN-8295-1

sudo apt-get install --only-upgrade -y libevdocument3-4

libevince-dev→ fixed in42.3-0ubuntu3.2USN-8295-1

sudo apt-get install --only-upgrade -y libevince-dev

libevview3-3→ fixed in42.3-0ubuntu3.2USN-8295-1

sudo apt-get install --only-upgrade -y libevview3-3

Ubuntu noble

Source: Ubuntu USN

evince→ fixed in46.3.1-0ubuntu1.1USN-8295-1

sudo apt-get install --only-upgrade -y evince

evince-common→ fixed in46.3.1-0ubuntu1.1USN-8295-1

sudo apt-get install --only-upgrade -y evince-common

gir1.2-evince-3.0→ fixed in46.3.1-0ubuntu1.1USN-8295-1

sudo apt-get install --only-upgrade -y gir1.2-evince-3.0

libevdocument3-4t64→ fixed in46.3.1-0ubuntu1.1USN-8295-1

sudo apt-get install --only-upgrade -y libevdocument3-4t64

libevince-dev→ fixed in46.3.1-0ubuntu1.1USN-8295-1

sudo apt-get install --only-upgrade -y libevince-dev

libevview3-3t64→ fixed in46.3.1-0ubuntu1.1USN-8295-1

sudo apt-get install --only-upgrade -y libevview3-3t64

Ubuntu questing

Source: Ubuntu USN

evince→ fixed in48.1-3ubuntu2.1USN-8295-1

sudo apt-get install --only-upgrade -y evince

evince-common→ fixed in48.1-3ubuntu2.1USN-8295-1

sudo apt-get install --only-upgrade -y evince-common

gir1.2-evince-3.0→ fixed in48.1-3ubuntu2.1USN-8295-1

sudo apt-get install --only-upgrade -y gir1.2-evince-3.0

libevdocument3-4t64→ fixed in48.1-3ubuntu2.1USN-8295-1

sudo apt-get install --only-upgrade -y libevdocument3-4t64

libevince-dev→ fixed in48.1-3ubuntu2.1USN-8295-1

sudo apt-get install --only-upgrade -y libevince-dev

libevview3-3t64→ fixed in48.1-3ubuntu2.1USN-8295-1

sudo apt-get install --only-upgrade -y libevview3-3t64

papers→ fixed in48.0-1ubuntu1.25.10.4USN-8321-1
```
sudo apt-get install --only-upgrade -y papers
```
gir1.2-papers-4.0→ fixed in48.0-1ubuntu1.25.10.4USN-8321-1
```
sudo apt-get install --only-upgrade -y gir1.2-papers-4.0
```
libpapers-dev→ fixed in48.0-1ubuntu1.25.10.4USN-8321-1
```
sudo apt-get install --only-upgrade -y libpapers-dev
```
libpapers-doc→ fixed in48.0-1ubuntu1.25.10.4USN-8321-1
```
sudo apt-get install --only-upgrade -y libpapers-doc
```
libppsdocument-4.0-5→ fixed in48.0-1ubuntu1.25.10.4USN-8321-1
```
sudo apt-get install --only-upgrade -y libppsdocument-4.0-5
```
libppsview-4.0-4→ fixed in48.0-1ubuntu1.25.10.4USN-8321-1
```
sudo apt-get install --only-upgrade -y libppsview-4.0-4
```
papers-common→ fixed in48.0-1ubuntu1.25.10.4USN-8321-1
```
sudo apt-get install --only-upgrade -y papers-common
```

Ubuntu resolute

Source: Ubuntu USN

evince→ fixed in49~alpha-2ubuntu2.1USN-8295-1
```
sudo apt-get install --only-upgrade -y evince
```
evince-common→ fixed in49~alpha-2ubuntu2.1USN-8295-1
```
sudo apt-get install --only-upgrade -y evince-common
```
gir1.2-evince-4.0→ fixed in49~alpha-2ubuntu2.1USN-8295-1
```
sudo apt-get install --only-upgrade -y gir1.2-evince-4.0
```
libevdocument-4.0-6→ fixed in49~alpha-2ubuntu2.1USN-8295-1
```
sudo apt-get install --only-upgrade -y libevdocument-4.0-6
```
libevince-dev→ fixed in49~alpha-2ubuntu2.1USN-8295-1
```
sudo apt-get install --only-upgrade -y libevince-dev
```
libevview-4.0-5→ fixed in49~alpha-2ubuntu2.1USN-8295-1
```
sudo apt-get install --only-upgrade -y libevview-4.0-5
```

papers→ fixed in50.1-0ubuntu1.1USN-8321-1

sudo apt-get install --only-upgrade -y papers

gir1.2-papers-4.0→ fixed in50.1-0ubuntu1.1USN-8321-1

sudo apt-get install --only-upgrade -y gir1.2-papers-4.0

libpapers-dev→ fixed in50.1-0ubuntu1.1USN-8321-1

sudo apt-get install --only-upgrade -y libpapers-dev

libpapers-doc→ fixed in50.1-0ubuntu1.1USN-8321-1

sudo apt-get install --only-upgrade -y libpapers-doc

libppsdocument-4.0-6→ fixed in50.1-0ubuntu1.1USN-8321-1

sudo apt-get install --only-upgrade -y libppsdocument-4.0-6

libppsview-4.0-5→ fixed in50.1-0ubuntu1.1USN-8321-1

sudo apt-get install --only-upgrade -y libppsview-4.0-5

papers-common→ fixed in50.1-0ubuntu1.1USN-8321-1

sudo apt-get install --only-upgrade -y papers-common

Debian bullseye

Source: Debian Security Tracker

atril→ fixed in1.24.0-1+deb11u2urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y atril
```
evince→ fixed in3.38.2-1+deb11u1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y evince
```

Debian bookworm

Source: Debian Security Tracker

evince→ fixed in43.1-2+deb12u1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y evince
```

Debian trixie

Source: Debian Security Tracker

evince→ fixed in48.1-3+deb13u1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y evince
```

Alpine edge

Source: Alpine secdb

atril→ fixed in1.28.0-r3
```
apk update && apk add --upgrade atril
```
evince→ fixed in48.4-r0
```
apk update && apk add --upgrade evince
```

Are YOU affected by CVE-2026-46529?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan View on NVD

Continuous monitoring beats manual checking

CVE-2026-46529dropped silently in your distro's update channel. Every new CVE is the same story. StackPatch runs the matcher hourly against all 5 sources and emails the exact remediation when something new applies to one of your servers. $99 lifetime, 50 founder seats, 30-day refund.

See StackPatch ($99 lifetime)