Sure, always. ALL PDF readers on linux have allowed remote code insertion into kernel merely by reading PDFs. But far less known publicly. The CIA and FBI spend millions of dollars creating linux PDF exploits off of PDF buffer overflows. NSA does too. Remote code execution in Okular PDF reader for KDE: https://www.cybersecurity-help.cz/vdb/SB2020031319 some require a click on a thing that is a action link though : "KDE **Okular** before 1.10.0 allows code execution via an action link in a PDF document." https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9359 *Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function*: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2575 over a dozen for "**Evince** PDF reader" https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Evince "**XPDF**?" 131 CVE Records ! : https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=XPDF **Mupdf?** 50 CVE Exploit records : https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mupdf **Poppler library?** Fucking Dumpser fire full of exploits, 111 CVE Records : https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Poppler Lots of "safe light secure linux PDF readers" use Poppler library. What a goddamned joke.