Fluid Attacks Database

Description

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	evince	>=0 <3.25.92-1	3.25.92-1
debian 11	atril	=1.24.0-1 \|\| >=0 <1.24.0-1+deb11u1	1.24.0-1+deb11u1
debian 12	atril	=1.26.0-2 \|\| =1.26.0-2+deb12u1 \|\| >=0 <1.26.0-2+deb12u2	1.26.0-2+deb12u2
debian 13	atril	>=0 <1.26.1-4	1.26.1-4
debian 14	atril	>=0 <1.26.1-4	1.26.1-4
debian 11	evince	>=0 <3.25.92-1	3.25.92-1
debian 12	evince	>=0 <3.25.92-1	3.25.92-1
debian 14	evince	>=0 <3.25.92-1	3.25.92-1

Aliases

1. CVE-2023-516982. NVD-2023-516983. OSV-DEBIAN-2023-516984. OSV-2023-516985. SECURITY-TRACKER-CVE-2023-51698

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.