CVE-2023-52076

CVSS V2 None CVSS V3 None

Description

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

Overview

CVE ID
CVE-2023-52076

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-01-25T15:30:12.398Z

Last Modified Date
2024-01-25T15:30:12.398Z

Weakness Enumerations

CWE	URL
CWE-24	http://cwe.mitre.org/data/definitions/24.html
CWE-25	http://cwe.mitre.org/data/definitions/25.html
CWE-27	http://cwe.mitre.org/data/definitions/27.html
CWE-22	http://cwe.mitre.org/data/definitions/22.html

References

Reference URL	Reference Tags
https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37	x_refsource_CONFIRM
https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50	x_refsource_MISC
https://github.com/mate-desktop/atril/releases/tag/v1.26.2	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-52076
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52076

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 15:07:09				Added to TrackCVE