CVE-2023-52076

Published: 25/01/2024 | Updated: 02/02/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril before 1.26.2. It allows arbitrary files to be written anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that the vulnerability cannot be exploited to overwrite existing files, but that does not stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

Vulnerable Product

mate-desktop atril

Vendor Advisories

Debian Bug report logs - #1061522
atril: CVE-2023-52076
Package: src:atril
Maintainer for src:atril is Debian+Ubuntu MATE Packaging Team <debian-mate@lists.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 25 Jan 2024 21:15:01 UTC
Severity: grave
Tags: security, upstream
Found in version ...

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only lim ...

Github Repositories

CVE-2023-44451, CVE-2023-52076: RCE vulnerability affecting popular Linux distros including Mint, Kali, Parrot, Manjaro, etc. EPUB File Parsing Directory Traversal Remote Code Execution

Slippy-book: EPUB File Parsing Directory Traversal Remote Code Execution. CVE-2023-44451 (Xreader), CVE-2023-52076 (Atril) (Reserved): RCE vulnerability affecting popular Linux distros including Mint, Kali, Parrot, Manjaro, etc. EPUB File Parsing Directory Traversal Remote Code Execution. A critical path traversal and arbitrary file write vulnerability has been discovered in the defa