PT-2024-1195 · Atril+4 · Atril+4

Febinrev

Published

2024-01-12

Updated

2025-02-18

CVE-2023-51698

CVSS v2.0

9.7

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions Atril (affected versions not specified)

Description The issue is related to a Command Injection Vulnerability in Atril, a simple multi-page document viewer. This vulnerability allows an attacker to gain immediate access to the target system when a crafted document is opened or a malicious link is clicked, utilizing a maliciously crafted CBT document which is a TAR archive.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

ALT-PU-2023-8439

ALT-PU-2024-12527

BDU:2024-00525

CVE-2023-51698

DLA-3828-1

DSA-5688-1

GHSA-34RR-J8V9-V4P2

OESA-2024-1492

OESA-2024-1493

OESA-2024-1521

OESA-2024-1522

OESA-2024-1523

OESA-2024-1612

OPENSUSE-SU-2024:13614-1

USN-7274-1

Affected Products

Alt Linux

Atril

Linuxmint

Red Os

Ubuntu

PT-2024-1195 · Atril+4 · Atril+4

CVE-2023-51698

Weakness Enumeration

Related Identifiers

Affected Products

References · 41