GitHub_MCVELIST:CVE-2023-51698CVE-2023-51698 Atril's CBT comic book parsing vulnerable to Remote Code Execution
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
9.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
CNA Affected
[
{
"vendor": "mate-desktop",
"product": "atril",
"versions": [
{
"version": "<= 1.26.3",
"status": "affected"
}
]
}
]References
github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
lists.fedoraproject.org/archives/list/[email protected]/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/
lists.fedoraproject.org/archives/list/[email protected]/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
9.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%