CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mate-desktop:atril:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.6
References () https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed - Patch () https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed - Patch
References () https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2 - Exploit, Vendor Advisory () https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2 - Exploit, Vendor Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/ -

09 Feb 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/ -

27 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/ -

22 Jan 2024, 17:57

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-12 21:15

Updated : 2024-11-21 08:38


NVD link : CVE-2023-51698

Mitre link : CVE-2023-51698

CVE.ORG link : CVE-2023-51698


JSON object : View

Products Affected

mate-desktop

  • atril
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')