Remote Code Execution Vulnerability in Linux Mint Xreader
CVE-2023-44452

7.8HIGH

Key Information:

Vendor: Linux Mint
Status: Xreader
Vendor: CVE Published:; 3 May 2024

Summary

The vulnerability in Linux Mint Xreader pertains to improper validation during CBT file parsing, allowing remote attackers to potentially execute arbitrary code on user systems. To exploit this vulnerability, an attacker must trick the user into visiting a malicious web page or opening a compromised CBT file. The flaw arises because the software does not appropriately validate the user-supplied input before executing system calls, thus leading to significant security risks if the affected installations remain unpatched. It is essential for users of Linux Mint Xreader to be aware of this vulnerability and update to the latest version to mitigate potential threats.

Affected Version(s)

Xreader 3.8.2

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1836/

x_research-advisory

https://github.com/linuxmint/xreader/commit/cd678889ecfe4...

vendor-advisory

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023