ubuntucve | Ubuntu.com | UB:CVE-2023-52076
Jan 25, 2024 - 12:00 a.m.

CVE-2023-52076

atril document viewer, mate desktop, linux, path traversal, arbitrary file write, vulnerability, remote command execution, patch, filesystem

CVSS3: 8.5 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

AI Score: 7 High (Confidence: High)
EPSS: 0.005 Low (Percentile: 77.0%)

Atril Document Viewer is the default document reader of the MATE desktop
environment for Linux. A path traversal and arbitrary file write
vulnerability exists in versions of Atril prior to 1.26.2. This
vulnerability is capable of writing arbitrary files anywhere on the
filesystem to which the user opening a crafted document has access. The
only limitation is that this vulnerability cannot be exploited to overwrite
existing files, but that doesn’t stop an attacker from achieving Remote
Command Execution on the target system. Version 1.26.2 of Atril contains a
patch for this vulnerability.

OS      OS Version  Architecture  Package  Package Version            Filename
ubuntu  18.04       noarch        atril    < 1.20.1-2ubuntu2+esm1     UNKNOWN
ubuntu  20.04       noarch        atril    < 1.24.0-1ubuntu0.1        UNKNOWN
ubuntu  22.04       noarch        atril    < 1.26.0-1ubuntu1.1        UNKNOWN
ubuntu  23.10       noarch        atril    < 1.26.0-2ubuntu0.1        UNKNOWN
ubuntu  16.04       noarch        atril    < 1.12.2-1ubuntu0.3+esm1   UNKNOWN
