CVE-2023-51698
Published 2024-01-12
CVE-2023-51698: Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker…
Priority: P3 · 54 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 2.34% (81.5th percentile)
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | atril | < atril 1.26.0-2+deb12u2 (bookworm) | atril 1.26.0-2+deb12u2 (bookworm) |
| debian | evince | < atril 1.26.0-2+deb12u2 (bookworm) | atril 1.26.0-2+deb12u2 (bookworm) |
| gnome | evince | >= 0 < 3.25.92-1 | 3.25.92-1 |
| gnome | evince | >= 0 < 3.25.92-1 | 3.25.92-1 |
| gnome | evince | >= 0 < 3.25.92-1 | 3.25.92-1 |
| gnome | evince | >= 0 < 3.25.92-1 | 3.25.92-1 |
| mate-desktop | atril | < 1.26.3 | 1.26.3 |
| mate-desktop | atril | <= 1.26.3 | — |
| mate-desktop | atril | — | — |
| mate-desktop | atril | >= 0 < 1.24.0-1+deb11u1 | 1.24.0-1+deb11u1 |
| mate-desktop | atril | >= 0 < 1.26.0-2+deb12u2 | 1.26.0-2+deb12u2 |
| mate-desktop | atril | >= 0 < 1.26.1-4 | 1.26.1-4 |
| mate-desktop | atril | >= 0 < 1.26.1-4 | 1.26.1-4 |
| mate-desktop | atril | >= 0 < 1.24.0-1ubuntu0.2 | 1.24.0-1ubuntu0.2 |
| mate-desktop | atril | >= 0 < 1.26.0-1ubuntu1.2 | 1.26.0-1ubuntu1.2 |
| mate-desktop | atril | >= 0 < 1.20.1-2ubuntu2+esm2 | 1.20.1-2ubuntu2+esm2 |
CVSS provenance
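| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | 8.8 | HIGH | — |
| vendor_debian | 9.6 | CRITICAL | — |
| vendor_ubuntu | 7.8 | HIGH | — |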
OSV
atril vulnerabilities
osv·2025-02-18·CVSS 7.8
CVE-2019-1010006 [HIGH] atril vulnerabilities
It was discovered that Atril incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service
or to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2019-1010006)
Andy Nguyen discovered that Atril incorrectly handled certain images. An
attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS. (CVE-2019-11459)
Febin Mon Saji discovered that Atril incorrectly handled certain
compressed files. A remote attacker could possibly use this issue to
cause a denial of service or to execute arbitrary code. (CVE-2023-51698)
OSV
CVE-2023-51698: Atril is a simple multi-page document viewer
osv·2024-01-12·CVSS 8.8
CVE-2023-51698 [HIGH] CVE-2023-51698: Atril is a simple multi-page document viewer
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
Ubuntu
Atril vulnerabilities
vendor_ubuntu·2025-02-18·CVSS 7.8
CVE-2023-51698 [HIGH] Atril vulnerabilities
Title: Atril vulnerabilities
Summary: Atril could be made to crash or run programs as your login if it
opened a specially crafted file.
It was discovered that Atril incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service
or to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2019-1010006)
Andy Nguyen discovered that Atril incorrectly handled certain images. An
attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS. (CVE-2019-11459)
Febin Mon Saji discovered that Atril incorrectly handled certain
compressed files. A remote attacker could possibly use this issue to
cause a denial of service or to execute arbitrary code. (CVE-2023-51698)
Instructions: In
Debian
CVE-2023-51698: atril - Atril is a simple multi-page document viewer. Atril is vulnerable to a critical ...
vendor_debian·2023·CVSS 9.6
CVE-2023-51698 [CRITICAL] CVE-2023-51698: atril - Atril is a simple multi-page document viewer. Atril is vulnerable to a critical ...
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
Scope: local
bookworm: resolved (fixed in 1.26.0-2+deb12u2)
bullseye: resolved (fixed in 1.24.0-1+deb11u1)
forky: resolved (fixed in 1.26.1-4)
sid: resolved (fixed in 1.26.1-4)
trixie: resolved (fixed in 1.26.1-4)
No detection rules found.
No public exploits indexed.
https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
https://lists.fedoraproject.org/archives/list/[email protected]/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/
https://lists.fedoraproject.org/archives/list/[email protected]/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/
Published: 2024-01-12