{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95864?format=json","vulnerability_id":"VCID-95mh-919w-43as","summary":"security update","aliases":[{"alias":"CVE-2023-52076"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052152?format=json","purl":"pkg:deb/debian/atril@1.24.0-1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.24.0-1%252Bdeb11u1"},{"url":"http://public2.vulnerablecode.io/api/packages/583794?format=json","purl":"pkg:deb/debian/atril@1.24.0-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.24.0-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583795?format=json","purl":"pkg:deb/debian/atril@1.26.0-2%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.0-2%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/585380?format=json","purl":"pkg:deb/debian/atril@1.26.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583796?format=json","purl":"pkg:deb/debian/atril@1.26.2-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.26.2-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583797?format=json","purl":"pkg:deb/debian/atril@1.28.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.28.2-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036500?format=json","purl":"pkg:deb/debian/atril@1.8.0%2Bdfsg1-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19yj-kyhq-c7cc"},{"vulnerability":"VCID-8ern-kbeb-j3e2"},{"vulnerability":"VCID-95mh-919w-43as"},{"vulnerability":"VCID-p3a2-3n7h-gugk"},{"vulnerability":"VCID-uvmx-ktr5-jkg2"},{"vulnerability":"VCID-v24q-8eqq-17ak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.8.0%252Bdfsg1-2~bpo70%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1036501?format=json","purl":"pkg:deb/debian/atril@1.8.1%2Bdfsg1-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19yj-kyhq-c7cc"},{"vulnerability":"VCID-8ern-kbeb-j3e2"},{"vulnerability":"VCID-95mh-919w-43as"},{"vulnerability":"VCID-p3a2-3n7h-gugk"},{"vulnerability":"VCID-uvmx-ktr5-jkg2"},{"vulnerability":"VCID-v24q-8eqq-17ak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.8.1%252Bdfsg1-4"},{"url":"http://public2.vulnerablecode.io/api/packages/1036502?format=json","purl":"pkg:deb/debian/atril@1.8.1%2Bdfsg1-4%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19yj-kyhq-c7cc"},{"vulnerability":"VCID-8ern-kbeb-j3e2"},{"vulnerability":"VCID-95mh-919w-43as"},{"vulnerability":"VCID-p3a2-3n7h-gugk"},{"vulnerability":"VCID-uvmx-ktr5-jkg2"},{"vulnerability":"VCID-v24q-8eqq-17ak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.8.1%252Bdfsg1-4%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037667?format=json","purl":"pkg:deb/debian/atril@1.16.1-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19yj-kyhq-c7cc"},{"vulnerability":"VCID-8ern-kbeb-j3e2"},{"vulnerability":"VCID-95mh-919w-43as"},{"vulnerability":"VCID-p3a2-3n7h-gugk"},{"vulnerability":"VCID-uvmx-ktr5-jkg2"},{"vulnerability":"VCID-v24q-8eqq-17ak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.16.1-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1052151?format=json","purl":"pkg:deb/debian/atril@1.20.3-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8ern-kbeb-j3e2"},{"vulnerability":"VCID-95mh-919w-43as"},{"vulnerability":"VCID-p3a2-3n7h-gugk"},{"vulnerability":"VCID-v24q-8eqq-17ak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/atril@1.20.3-1%252Bdeb10u1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52076","reference_id":"","reference_type":"","scores":[{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93521","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93536","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93539","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.9357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93576","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93581","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93579","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93577","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93585","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11348","scoring_system":"epss","scoring_elements":"0.93528","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11758","scoring_system":"epss","scoring_elements":"0.93757","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11758","scoring_system":"epss","scoring_elements":"0.93748","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52076"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061522","reference_id":"1061522","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061522"},{"reference_url":"https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50","reference_id":"e70b21c815418a1e6ebedf6d8d31b8477c03ba50","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/"}],"url":"https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50"},{"reference_url":"https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37","reference_id":"GHSA-6mf6-mxpc-jc37","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/"}],"url":"https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html"},{"reference_url":"https://usn.ubuntu.com/6808-1/","reference_id":"USN-6808-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6808-1/"},{"reference_url":"https://github.com/mate-desktop/atril/releases/tag/v1.26.2","reference_id":"v1.26.2","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/"}],"url":"https://github.com/mate-desktop/atril/releases/tag/v1.26.2"}],"weaknesses":[{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."},{"cwe_id":24,"name":"Path Traversal: '../filedir'","description":"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory."},{"cwe_id":25,"name":"Path Traversal: '/../filedir'","description":"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize /../ sequences that can resolve to a location that is outside of that directory."},{"cwe_id":27,"name":"Path Traversal: 'dir/../../filename'","description":"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal ../ sequences that can resolve to a location that is outside of that directory."}],"exploits":[],"severity_range_score":"8.5 - 8.5","exploitability":"0.5","weighted_severity":"7.7","risk_score":3.9,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95mh-919w-43as"}