Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Atril's CBT comic book parsing vulnerable to Remote Code Execution
Vulnerability Description
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Atril 操作系统命令注入漏洞
Vulnerability Description
Atril是MATE Desktop开源的一个简单的多页文档查看器。 Atril存在操作系统命令注入漏洞,该漏洞源于容易受到命令注入漏洞的影响,攻击者可以使用恶意制作的CBT文档访问目标系统。
CVSS Information
N/A
Vulnerability Type
N/A