CVE-2023-52076
Publication date 25 January 2024
Last updated 24 July 2024
Ubuntu priority
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| atril | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Fixed 1.26.0-1ubuntu1.1
|
|
| 20.04 LTS focal |
Fixed 1.24.0-1ubuntu0.1
|
|
| 18.04 LTS bionic |
Fixed 1.20.1-2ubuntu2+esm1
|
|
| 16.04 LTS xenial |
Fixed 1.12.2-1ubuntu0.3+esm1
|
|
| 14.04 LTS trusty | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProSeverity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6808-1
- Atril vulnerability
- 5 June 2024