8.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
7 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.0%
Atril Document Viewer is the default document reader of the MATE desktop
environment for Linux. A path traversal and arbitrary file write
vulnerability exists in versions of Atril prior to 1.26.2. This
vulnerability is capable of writing arbitrary files anywhere on the
filesystem to which the user opening a crafted document has access. The
only limitation is that this vulnerability cannot be exploited to overwrite
existing files, but that doesn’t stop an attacker from achieving Remote
Command Execution on the target system. Version 1.26.2 of Atril contains a
patch for this vulnerability.
github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
github.com/mate-desktop/atril/releases/tag/v1.26.2
github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
launchpad.net/bugs/cve/CVE-2023-52076
nvd.nist.gov/vuln/detail/CVE-2023-52076
security-tracker.debian.org/tracker/CVE-2023-52076
ubuntu.com/security/notices/USN-6808-1
www.cve.org/CVERecord?id=CVE-2023-52076
8.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
7 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.0%