CVE-2023-52076 — Path Traversal in Atril

CWE-22 — Path Traversal CWE-24 — Path Traversal: '../filedir'CWE-25 — Path Traversal: '/../filedir'CWE-27 — Path Traversal: 'dir/../../filename'6 documents6 sources

Severity

7.8HIGHNVD

CNA8.5VulnCheck8.5

EPSS

11.3%

top 6.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mate-desktop Atril

Timeline

PublishedJan 25

Latest updateJun 5

Description

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Ex…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5mate-desktop/atril< 1.26.2

▶NVDmate-desktop/atril< 1.26.2

▶Debianmate-desktop/atril< 1.24.0-1+deb11u1+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Remote Code Execution Vulnerability in Atril's EPUB ebook parsing↗2024-01-25

▶

OSV

CVE-2023-52076: Atril Document Viewer is the default document reader of the MATE desktop environment for Linux↗2024-01-25

▶

VulnCheck

mate-desktop atril Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')↗2023

▶

📋Vendor Advisories

Ubuntu

Atril vulnerability↗2024-06-05

▶

Debian

CVE-2023-52076: atril - Atril Document Viewer is the default document reader of the MATE desktop environ...↗2023

▶