{"id":"MGASA-2024-0224","summary":"Updated atril packages fix security vulnerability","details":"Atril Document Viewer is the default document reader of the MATE desktop\nenvironment for Linux. A path traversal and arbitrary file write\nvulnerability exists in versions of Atril prior to 1.26.2. This\nvulnerability is capable of writing arbitrary files anywhere on the\nfilesystem to which the user opening a crafted document has access. The\nonly limitation is that this vulnerability cannot be exploited to\noverwrite existing files, but that doesn't stop an attacker from\nachieving Remote Command Execution on the target system.\n(CVE-2023-52076)\n","modified":"2026-04-16T04:41:37.586787280Z","published":"2024-06-15T23:07:50Z","upstream":["CVE-2023-52076"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0224.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33282"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6808-1"}],"affected":[{"package":{"name":"atril","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/atril?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.1-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0224.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}