CVE-2023-44451

Name of the Vulnerable Software and Affected Versions Linux Mint Xreader (affected versions not specified)

Description The issue involves a directory traversal flaw in the parsing of EPUB and CBT files within Linux Mint Xreader. This allows remote attackers to potentially execute arbitrary code on affected systems. User interaction is required, specifically, the user must open a malicious EPUB or CBT file or visit a malicious page. The flaw stems from insufficient validation of user-supplied paths before they are used in file operations. An attacker can exploit this to execute code within the context of the current user. Recent reports indicate campaigns exploiting this issue using directory traversal and fileless Python payloads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.