Detections
Analytics

SUSE SLES16: libppsdocument4_0-5 / libppsview4_0-4 / nautilus-extension-papers / etc (SUSE-SU-2026:22182-1)

high Nessus Plugin ID 322933

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES16 / SLES_SAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22182-1 advisory.

 This update for papers fixes the following issues

 Security issue:

 - CVE-2026-46529: command injection (bsc#1265880).

 Changes for papers:

 - Update to version 48.10 (bsc#1265880):
 - Update to version 48.9 (jsc#PED-15957, bsc#1261947):
 - Bug fixes:
 - Saved image files are empty
 - Print dialog says Manage Custom Sizes for Paper Size every time
 - libview: Correct zoom in odd left dual page mode
 - Scrolling in presentation mode skips pages + Changes in version 48.8:
 + Bug fixes:
 - Ctrl+F sometimes does not focus search box when query is blank
 - Page number is not in the center of the number box
 - Keyboard input unresponsive in presentation mode, unable to exit with Esc
 - help: Update icon + Changes in version 48.7:
 - Fixes for the nautilus plugin filename encodings
 - shell: Fix signing when the rectangle is too small
 - libdocument: fix weak page references
 - shell: Fix opening PDFs from GVFS mounts like Google Drive + Changes in version 48.6:
 + Bug fixed:
 - Fix various memory leak
 - Fix several focus issues
 - Remove trailing new lines from section names
 - Migrate to xz compression and manual service run
 - Update to version 48.5:
 + Bugs fixed:
 - Preview for a link doesn't work more than once
 - Link preview triggers even after the cursor leaves the link
 - shell: fix a translation issue in printing
 - libview/pps-view: Ignore the scroll offset when drawing the sign area
 - Selection performance
 - libview: deal with large pages
 - shell: Make sure that all child widgets of PpsView are removed when closing document
 - Caret selection doesn't cover more than one character + Updated translations.
 - Update to version 48.4:
 - shell: Enable digital signing action when document supports
 - Documentation still mentions possibility of saving the settings
 - Launch target file
 - shell: Fix signature banner title
 - Slideshow presentation is blurry
 - libview/pps-view: Do not replace the sign cursor on drag-less movements
 - Saved annotation timestamps tooltips are shown using UTC time in 12-hours format
 - Update to version 48.3:
 - shell: disable dual-odd-left action when dual mode is disabled.
 - libview: Rerender annotation when the icon property is updated
 - shell: Display the filename if the document title is only whitespace

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1261947

https://bugzilla.suse.com/1265880

https://lists.suse.com/pipermail/sle-updates/2026-June/047526.html

https://www.suse.com/security/cve/CVE-2026-46529

Plugin Details

Severity: High

ID: 322933

File Name: suse_SU-2026-22182-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/26/2026

Updated: 6/26/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-46529

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.4

Threat Score: 7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libppsview4_0-4, p-cpe:/a:novell:suse_linux:papers-lang, p-cpe:/a:novell:suse_linux:papers-plugin-tiffdocument, p-cpe:/a:novell:suse_linux:papers-plugin-comicsdocument, p-cpe:/a:novell:suse_linux:libppsdocument4_0-5, cpe:/o:novell:suse_linux:16, p-cpe:/a:novell:suse_linux:nautilus-extension-papers, p-cpe:/a:novell:suse_linux:typelib-1_0-papersview-4_0, p-cpe:/a:novell:suse_linux:typelib-1_0-papersdocument-4_0, p-cpe:/a:novell:suse_linux:papers, p-cpe:/a:novell:suse_linux:papers-plugin-pdfdocument

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/19/2026

Vulnerability Publication Date: 5/19/2026

Reference Information

CVE: CVE-2026-46529

SuSE: SUSE-SU-2026:22182-1