Atril's CBT comic book parsing vulnerable to Remote Code Execution
CVE-2023-51698
9.6CRITICAL
What is CVE-2023-51698?
Atril, the multi-page document viewer utilized in various Linux environments, has been identified with a command injection vulnerability. This security flaw occurs when a user opens a specially crafted CBT document, which is stored as a TAR archive. An attacker can exploit this weakness to gain unauthorized access to the system, posing a risk of potential data breaches and compromise of system integrity. Users are strongly urged to apply the patches made available in commit ce41df6 to mitigate this vulnerability.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
atril <= 1.26.3
References
CVSS V3.1
Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved