Home > Vulnerability Database > CVE-2023-52076

Mend.io Vulnerability Database

CVE-2023-52076

Date: January 25, 2024

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

Language: C

Severity Score

8.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-52076

Url: https://security-tracker.debian.org/tracker/CVE-2023-52076

Url: https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50

Url: https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html

Url: https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37

Url: https://github.com/mate-desktop/atril/releases/tag/v1.26.2

Url: https://www.mend.io/vulnerability-database/CVE-2023-52076

Severity Score

8.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Path Traversal: '../filedir'

CWE-24

Path Traversal: '/../filedir'

CWE-25

Path Traversal: 'dir/../../filename'

CWE-27

CVSS v3.1

Base Score:	8.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-52076

Date: January 25, 2024

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?