PT-2024-4537 · Unknown+4 · Atril Document Viewer+4

Febinrev · Published 2024-01-18 · Updated 2025-01-24 · CVE-2023-52076

CVSS v3.1: 8.5 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Atril Document Viewer versions prior to 1.26.2
Description: A path traversal and arbitrary file write issue exists in Atril Document Viewer. It allows an attacker to write arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The issue cannot be exploited to overwrite existing files, but this limitation does not prevent an attacker from achieving Remote Command Execution on the target system.
Recommendations: For versions prior to 1.26.2, update to version 1.26.2 or later to patch the vulnerability. As a temporary workaround, consider restricting access to crafted documents to minimize the risk of exploitation. Avoid using Atril Document Viewer to open documents from untrusted sources until the issue is resolved.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2023-8439
ALT-PU-2024-12527
BDU:2024-05041
CVE-2023-52076
DLA-3828-1
DSA-5688-1
GHSA-6MF6-MXPC-JC37
MGASA-2024-0224
OESA-2024-1245
OESA-2024-1246
OESA-2024-1247
OESA-2024-1248
OESA-2024-1249
OESA-2024-1492
USN-6808-1

Affected Products

Alt Linux
Atril Document Viewer
Linuxmint
Red Os
Ubuntu