CVE-2023-51698 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-51698 Interim 1 8 2025-08-06T01:21:03Z current 2024-01-16T00:09:13Z 2025-08-06T01:21:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-51698 Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed atril-1.26.1-2.1 atril-backends-1.26.1-2.1 atril-devel-1.26.1-2.1 atril-doc-1.26.1-2.1 atril-lang-1.26.1-2.1 atril-thumbnailer-1.26.1-2.1 caja-extension-atril-1.26.1-2.1 libatrildocument3-1.26.1-2.1 libatrilview3-1.26.1-2.1 typelib-1_0-AtrilDocument-1_5_0-1.26.1-2.1 typelib-1_0-AtrilView-1_5_0-1.26.1-2.1 atril-1.26.1-2.1 as a component of openSUSE Tumbleweed atril-backends-1.26.1-2.1 as a component of openSUSE Tumbleweed atril-devel-1.26.1-2.1 as a component of openSUSE Tumbleweed atril-doc-1.26.1-2.1 as a component of openSUSE Tumbleweed atril-lang-1.26.1-2.1 as a component of openSUSE Tumbleweed atril-thumbnailer-1.26.1-2.1 as a component of openSUSE Tumbleweed caja-extension-atril-1.26.1-2.1 as a component of openSUSE Tumbleweed libatrildocument3-1.26.1-2.1 as a component of openSUSE Tumbleweed libatrilview3-1.26.1-2.1 as a component of openSUSE Tumbleweed typelib-1_0-AtrilDocument-1_5_0-1.26.1-2.1 as a component of openSUSE Tumbleweed typelib-1_0-AtrilView-1_5_0-1.26.1-2.1 as a component of openSUSE Tumbleweed Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. CVE-2023-51698 openSUSE Tumbleweed:atril-1.26.1-2.1 openSUSE Tumbleweed:atril-backends-1.26.1-2.1 openSUSE Tumbleweed:atril-devel-1.26.1-2.1 openSUSE Tumbleweed:atril-doc-1.26.1-2.1 openSUSE Tumbleweed:atril-lang-1.26.1-2.1 openSUSE Tumbleweed:atril-thumbnailer-1.26.1-2.1 openSUSE Tumbleweed:caja-extension-atril-1.26.1-2.1 openSUSE Tumbleweed:libatrildocument3-1.26.1-2.1 openSUSE Tumbleweed:libatrilview3-1.26.1-2.1 openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.26.1-2.1 openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.26.1-2.1 critical 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H