CVE-2023-44452

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-44452

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44452.json

Published

2024-05-03T03:16:01Z

Modified

2024-05-14T13:01:54.337410Z

Summary

[none]

Details

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132.

References

Affected packages

Git / github.com/linuxmint/xreader

Affected ranges

Type: GIT
Repo: https://github.com/linuxmint/xreader
Events: Introduced

0The exact introduced commit is unknown

Fixed

cd678889ecfe4e84a5cbcf3a0489e15a5e2e3736

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.2.0

1.2.1

1.2.2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.6.0

1.6.1

1.6.2

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

2.*

2.0.0

2.0.1

2.0.2

2.2.0

2.2.1

2.2.2

2.2.3

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.8.0

2.8.1

2.8.2

2.8.3

3.*

3.0.0

3.0.1

3.0.2

3.2.0

3.2.1

3.2.2

3.3.0

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.6.0

3.6.1

3.6.2

3.6.3

3.8.0

3.8.1

3.8.2

3.8.3

3.8.4

master.*

master.lmde-3

master.lmde3

master.lmde4

master.lmde5

master.mint-18

master.mint-19

master.mint18

master.mint19

master.mint20