CVE-2023-52076

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52076

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52076.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-52076

Related

Published

2024-01-25T16:15:07Z

Modified

2025-01-15T05:03:14.258802Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

References

Affected packages

Debian:11 / atril

Package

Name: atril
Purl: pkg:deb/debian/atril?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.24.0-1+deb11u1

Affected versions

1.*

1.24.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / atril

Package

Name: atril
Purl: pkg:deb/debian/atril?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.0-2+deb12u3

Affected versions

1.*

1.26.0-2

1.26.0-2+deb12u1

1.26.0-2+deb12u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / atril

Package

Name: atril
Purl: pkg:deb/debian/atril?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.2-1

Affected versions

1.*

1.26.0-2

1.26.1-1

1.26.1-2

1.26.1-3

1.26.1-4

1.26.1-4.1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/mate-desktop/atril

Affected ranges

Type: GIT
Repo: https://github.com/mate-desktop/atril
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e70b21c815418a1e6ebedf6d8d31b8477c03ba50

Fixed

e70b21c815418a1e6ebedf6d8d31b8477c03ba50

Affected versions

atril-1.*

atril-1.10.0

atril-1.10.1

atril-1.11.0

atril-1.12.0

atril-1.2.0

atril-1.2.1

atril-1.7.0

atril-1.7.1

atril-1.7.2

atril-1.7.90

atril-1.8.0

atril-1.9.0

atril-1.9.1

atril-1.9.2

atril-1.9.90

mate-document-viewer-1.*

mate-document-viewer-1.1.0

mate-document-viewer-1.1.1

mate-document-viewer-1.4.0

mate-document-viewer-1.5.0

mate-document-viewer-1.6.0

mate-document-viewer-1.6.1

v1.*

v1.12.0

v1.13.0

v1.13.1

v1.14.0

v1.14.1

v1.15.0

v1.15.1

v1.15.2

v1.15.3

v1.16.0

v1.16.1

v1.17.0

v1.17.1

v1.18.0

v1.19.0

v1.19.1

v1.19.2

v1.19.3

v1.19.4

v1.19.5

v1.19.6

v1.20.0

v1.21.0

v1.21.1

v1.22.0

v1.23.0

v1.23.1

v1.23.2

v1.24.0

v1.25.0

v1.25.1

v1.26.0

v1.27.0