CVE-2023-50254
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-50254
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50254.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-50254
- Aliases
-
- GHSA-q9jr-726g-9495
- Downstream
- Related
- Published
- 2023-12-22T16:49:48.977Z
- Modified
- 2025-11-29T15:06:22.936553Z
- Severity
-
- 9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H CVSS Calculator
- Summary
- Deepin Reader RCE vulnerability due to a design flaw
- Details
-
Deepin Linux's default document reader
deepin-readersoftware suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bashrc, .bashlogin, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-22", "CWE-27" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50254.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50254.json
- https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04
- https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6
- https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495
- https://nvd.nist.gov/vuln/detail/CVE-2023-50254
Affected packages
Git / github.com/linuxdeepin/deepin-reader
Affected ranges
- Type
- GIT
- Repo
- https://github.com/linuxdeepin/deepin-reader
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.1
1.*
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
5.*
5.10.1
5.10.10
5.10.11
5.10.14
5.10.15
5.10.18
5.10.2
5.10.22
5.10.23
5.10.24
5.10.25
5.10.26
5.10.27
5.10.28
5.10.29
5.10.3
5.10.4
5.10.5
5.10.6
5.10.7
5.10.8
5.10.9
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.3.0
5.3.1
5.3.2
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8
5.4.9
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.5.1
5.5.5.2
5.6.1
5.6.10
5.6.11
5.6.12
5.6.13
5.6.14
5.6.15
5.6.2
5.6.3
5.6.3.1
5.6.4
5.6.5
5.6.6
5.6.7
5.6.8
5.6.9
5.7.0.1
5.7.0.10
5.7.0.11
5.7.0.12
5.7.0.13
5.7.0.15
5.7.0.16
5.7.0.17
5.7.0.18
5.7.0.19
5.7.0.2
5.7.0.20
5.7.0.22
5.7.0.23
5.7.0.24
5.7.0.25
5.7.0.26
5.7.0.27
5.7.0.28
5.7.0.29
5.7.0.30
5.7.0.8
5.7.0.9
5.8.0.1
5.8.0.5
5.8.0.7
5.8.0.8
5.9.0.1
5.9.0.10
5.9.0.11
5.9.0.12
5.9.0.13
5.9.0.14
5.9.0.15
5.9.0.16
5.9.0.17
5.9.0.18
5.9.0.19
5.9.0.2
5.9.0.20
5.9.0.21
5.9.0.22
5.9.0.23
5.9.0.24
5.9.0.25
5.9.0.26
5.9.0.3
5.9.0.4
5.9.0.5
5.9.0.6
5.9.0.7
5.9.0.8
5.9.0.9
5.9.1.2
5.9.15
5.9.17
5.9.18
5.9.2
5.9.4
5.9.6
6.*
6.0.0
6.0.1
6.0.2
6.0.4
6.0.5
6.0.6