CVE-2023-52076

moderate-risk

Published 2024-01-25

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

Do I need to act?

11.3% chance of exploitation in next 30 days

EPSS score — higher than 89% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.5/10 High

LOCAL / LOW complexity

Affected Products (1)

Atril

Affected Vendors

Mate-Desktop

References (8)

Patch https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c0...

Release Notes https://github.com/mate-desktop/atril/releases/tag/v1.26.2

Exploit https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37

https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html

Patch https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c0...

Release Notes https://github.com/mate-desktop/atril/releases/tag/v1.26.2

Exploit https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37

https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 11/34 · Low

Exposure 5/34 · Minimal