There has been a case of confirmed code execution vulnerability in Evince in the past, in 2017:

* https://www.cvedetails.com/cve/CVE-2017-1000083/

As well as possible code execution vulnerabilities in Evince, in 2019 and 2011:

* https://www.cvedetails.com/cve/CVE-2019-1010006/

* https://www.cvedetails.com/cve/CVE-2011-5244/

* https://www.cvedetails.com/cve/CVE-2011-0433/

They have also had a command injection vulnerability, in 2017:

* https://www.cvedetails.com/cve/CVE-2017-1000159/

These and other reported security vulnerabilities for Evince are listed here:

* https://www.cvedetails.com/vulnerability-list/vendor_id-283/...

I think in the case of all software it is safest to assume that opening a file that you downloaded from the internet has the potential to do harm, regardless of whether you are using Linux, macOS, Windows, or some other operating system, and regardless of what software you use to read the file.

The best mitigation would be to keep a separate device that you use purely for unauthenticated internet browsing and opening files from the Internet. Never accessing any personal data on that device. In reality almost all of us will use the same devices for our personal files and data, and for browsing the internet and opening random files that we downloaded.

It is interesting to note that the statistics for known security vulnerabilities in Evince..

* https://www.cvedetails.com/product/23592/Gnome-Evince.html?v...

..pales in comparison to the statistics for known security vulnerabilities in Adobe Acrobat Reader:

* https://www.cvedetails.com/product/497/Adobe-Acrobat-Reader....

I wonder if it indicates that Evince is so much more secure than Acrobat Reader.. Or is it simply the case that Evince has not been subject to the level of scrutiny that Acrobat Reader has been? And if so, there might be more unknown security vulnerabilities lurking under the surface of Evince than in Acrobat Reader.