Remote Code Execution Vulnerability in Linux Mint Xreader
CVE-2023-44452
7.8 HIGH
Summary
Linux Mint Xreader performs improper validation when parsing CBT files, which allows remote attackers to potentially execute arbitrary code on user systems. Exploitation requires user interaction: the attacker must trick the user into visiting a malicious web page or opening a compromised CBT file. The flaw arises because the software does not properly validate user-supplied input before executing system calls, so installations that remain unpatched are at significant risk. Users of Linux Mint Xreader should update to the latest version to mitigate the issue.
Affected Version(s)
Xreader 3.8.2
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved