CVE-2023-44451
HIGHLinux Mint Xreader - Remote Code Execution via EPUB File Parsing Path Traversal
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-44451. PoCs published by febinrev.
AI-analyzed exploit summary This repository contains functional exploit scripts for CVE-2023-44451, a directory traversal vulnerability in Atril/Xreader EPUB parsers. The exploits demonstrate arbitrary file write and RCE via crafted EPUB files, leveraging path traversal to place malicious .desktop entries or SSH keys.
Description
Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897.
Exploits (1)
This repository contains functional exploit scripts for CVE-2023-44451, a directory traversal vulnerability in Atril/Xreader EPUB parsers. The exploits demonstrate arbitrary file write and RCE via crafted EPUB files, leveraging path traversal to place malicious .desktop entries or SSH keys.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H