CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "1.26.3"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/51xxx/CVE-2023-51698.json",
    "cwe_ids": [
        "CWE-78"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/mate-desktop/atril

Affected ranges

Type

GIT

Repo

https://github.com/mate-desktop/atril

Events

Introduced

Fixed

ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed

Database specific

{
    "source": "REFERENCES"
}

Affected versions

atril-1.*

atril-1.10.0

atril-1.10.1

atril-1.11.0

atril-1.12.0

atril-1.2.0

atril-1.2.1

atril-1.7.0

atril-1.7.1

atril-1.7.2

atril-1.7.90

atril-1.8.0

atril-1.9.0

atril-1.9.1

atril-1.9.2

atril-1.9.90

mate-document-viewer-1.*

mate-document-viewer-1.1.0

mate-document-viewer-1.1.1

mate-document-viewer-1.4.0

mate-document-viewer-1.5.0

mate-document-viewer-1.6.0

mate-document-viewer-1.6.1

v1.*

v1.12.0

v1.13.0

v1.13.1

v1.14.0

v1.14.1

v1.15.0

v1.15.1

v1.15.2

v1.15.3

v1.16.0

v1.16.1

v1.17.0

v1.17.1

v1.18.0

v1.19.0

v1.19.1

v1.19.2

v1.19.3

v1.19.4

v1.19.5

v1.19.6

v1.20.0

v1.21.0

v1.21.1

v1.22.0

v1.23.0

v1.23.1

v1.23.2

v1.24.0

v1.25.0

v1.25.1

v1.26.0

v1.27.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51698.json"