{"id":"CVE-2023-51698","summary":"Atril's CBT comic book parsing vulnerable to Remote Code Execution","details":"Atril is a simple multi-page document viewer. Atril is vulnerable to a critical command injection vulnerability in its parsing of CBT comic book documents, which are TAR archives. This vulnerability gives the attacker immediate access to the target system when the target user opens a maliciously crafted CBT document or clicks on a crafted link/URL that uses such a document. A patch is available at commit ce41df6.","aliases":["GHSA-34rr-j8v9-v4p2"],"modified":"2026-04-10T05:06:51.645015Z","published":"2024-01-12T20:27:31.551Z","related":["openSUSE-SU-2024:13614-1"],"database_specific":{"cwe_ids":["CWE-78"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/51xxx/CVE-2023-51698.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/51xxx/CVE-2023-51698.json"},{"type":"ADVISORY","url":"https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51698"},{"type":"FIX","url":"https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mate-desktop/atril","events":[{"introduced":"0"},{"fixed":"ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed"}]},{"type":"GIT","repo":"https://github.com/mate-desktop/atril","events":[{"introduced":"0"},{"fixed":"ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed"}]}],"versions":["atril-1.10.0","atril-1.10.1","atril-1.11.0","atril-1.12.0","atril-1.2.0","atril-1.2.1","atril-1.7.0","atril-1.7.1","atril-1.7.2","at
ril-1.7.90","atril-1.8.0","atril-1.9.0","atril-1.9.1","atril-1.9.2","atril-1.9.90","mate-document-viewer-1.1.0","mate-document-viewer-1.1.1","mate-document-viewer-1.4.0","mate-document-viewer-1.5.0","mate-document-viewer-1.6.0","mate-document-viewer-1.6.1","v1.12.0","v1.13.0","v1.13.1","v1.14.0","v1.14.1","v1.15.0","v1.15.1","v1.15.2","v1.15.3","v1.16.0","v1.16.1","v1.17.0","v1.17.1","v1.18.0","v1.19.0","v1.19.1","v1.19.2","v1.19.3","v1.19.4","v1.19.5","v1.19.6","v1.20.0","v1.21.0","v1.21.1","v1.22.0","v1.23.0","v1.23.1","v1.23.2","v1.24.0","v1.25.0","v1.25.1","v1.26.0","v1.27.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51698.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.26.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"}]}