Upstream information

CVE-2023-51698 at MITRE

Description

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 8.8
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1218806 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • atril >= 1.26.1-2.1
  • atril-backends >= 1.26.1-2.1
  • atril-devel >= 1.26.1-2.1
  • atril-doc >= 1.26.1-2.1
  • atril-lang >= 1.26.1-2.1
  • atril-thumbnailer >= 1.26.1-2.1
  • caja-extension-atril >= 1.26.1-2.1
  • libatrildocument3 >= 1.26.1-2.1
  • libatrilview3 >= 1.26.1-2.1
  • typelib-1_0-AtrilDocument-1_5_0 >= 1.26.1-2.1
  • typelib-1_0-AtrilView-1_5_0 >= 1.26.1-2.1
 Patchnames:
openSUSE Tumbleweed GA atril-1.26.1-2.1

SUSE Timeline for this CVE

CVE page created: Fri Jan 12 23:00:19 2024
CVE page last modified: Wed Jan 24 00:40:13 2024