Vulnerability Details CVE-2023-51698
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.2%
CVSS Severity
CVSS v3 Score 9.6
References
- https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
- https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/
- https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
- https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/
Products affected by CVE-2023-51698
-
cpe:2.3:a:mate-desktop:atril:-
-
cpe:2.3:a:mate-desktop:atril:1.10.0
-
cpe:2.3:a:mate-desktop:atril:1.10.1
-
cpe:2.3:a:mate-desktop:atril:1.10.2
-
cpe:2.3:a:mate-desktop:atril:1.10.3
-
cpe:2.3:a:mate-desktop:atril:1.11.0
-
cpe:2.3:a:mate-desktop:atril:1.12.0
-
cpe:2.3:a:mate-desktop:atril:1.12.1
-
cpe:2.3:a:mate-desktop:atril:1.12.2
-
cpe:2.3:a:mate-desktop:atril:1.13.0
-
cpe:2.3:a:mate-desktop:atril:1.13.1
-
cpe:2.3:a:mate-desktop:atril:1.14.0
-
cpe:2.3:a:mate-desktop:atril:1.14.1
-
cpe:2.3:a:mate-desktop:atril:1.14.2
-
cpe:2.3:a:mate-desktop:atril:1.15.0
-
cpe:2.3:a:mate-desktop:atril:1.15.1
-
cpe:2.3:a:mate-desktop:atril:1.15.2
-
cpe:2.3:a:mate-desktop:atril:1.15.3
-
cpe:2.3:a:mate-desktop:atril:1.16.0
-
cpe:2.3:a:mate-desktop:atril:1.16.1
-
cpe:2.3:a:mate-desktop:atril:1.17.0
-
cpe:2.3:a:mate-desktop:atril:1.17.1
-
cpe:2.3:a:mate-desktop:atril:1.18.0
-
cpe:2.3:a:mate-desktop:atril:1.18.1
-
cpe:2.3:a:mate-desktop:atril:1.18.2
-
cpe:2.3:a:mate-desktop:atril:1.18.3
-
cpe:2.3:a:mate-desktop:atril:1.18.4
-
cpe:2.3:a:mate-desktop:atril:1.18.5
-
cpe:2.3:a:mate-desktop:atril:1.19.0
-
cpe:2.3:a:mate-desktop:atril:1.19.1
-
cpe:2.3:a:mate-desktop:atril:1.19.2
-
cpe:2.3:a:mate-desktop:atril:1.19.3
-
cpe:2.3:a:mate-desktop:atril:1.19.4
-
cpe:2.3:a:mate-desktop:atril:1.19.5
-
cpe:2.3:a:mate-desktop:atril:1.19.6
-
cpe:2.3:a:mate-desktop:atril:1.2.0
-
cpe:2.3:a:mate-desktop:atril:1.2.1
-
cpe:2.3:a:mate-desktop:atril:1.20.0
-
cpe:2.3:a:mate-desktop:atril:1.20.1
-
cpe:2.3:a:mate-desktop:atril:1.20.2
-
cpe:2.3:a:mate-desktop:atril:1.20.3
-
cpe:2.3:a:mate-desktop:atril:1.21.0
-
cpe:2.3:a:mate-desktop:atril:1.21.1
-
cpe:2.3:a:mate-desktop:atril:1.22.0
-
cpe:2.3:a:mate-desktop:atril:1.22.1
-
cpe:2.3:a:mate-desktop:atril:1.22.2
-
cpe:2.3:a:mate-desktop:atril:1.22.3
-
cpe:2.3:a:mate-desktop:atril:1.23.0
-
cpe:2.3:a:mate-desktop:atril:1.23.1
-
cpe:2.3:a:mate-desktop:atril:1.23.2
-
cpe:2.3:a:mate-desktop:atril:1.24.0
-
cpe:2.3:a:mate-desktop:atril:1.24.1
-
cpe:2.3:a:mate-desktop:atril:1.25.0
-
cpe:2.3:a:mate-desktop:atril:1.25.1
-
cpe:2.3:a:mate-desktop:atril:1.26.0
-
cpe:2.3:a:mate-desktop:atril:1.26.1
-
cpe:2.3:a:mate-desktop:atril:1.26.2
-
cpe:2.3:a:mate-desktop:atril:1.26.3
-
cpe:2.3:a:mate-desktop:atril:1.7.0
-
cpe:2.3:a:mate-desktop:atril:1.7.1
-
cpe:2.3:a:mate-desktop:atril:1.7.2
-
cpe:2.3:a:mate-desktop:atril:1.7.90
-
cpe:2.3:a:mate-desktop:atril:1.8.0
-
cpe:2.3:a:mate-desktop:atril:1.8.1
-
cpe:2.3:a:mate-desktop:atril:1.9.0
-
cpe:2.3:a:mate-desktop:atril:1.9.1
-
cpe:2.3:a:mate-desktop:atril:1.9.2
-
cpe:2.3:a:mate-desktop:atril:1.9.90