CVE-2023-52076: 
NixOS vulnerability analysis and mitigation

CVE-2023-52076 (also known as 'Slippy-Book') is a critical path traversal and arbitrary file write vulnerability discovered in Atril Document Viewer, the default document reader of the MATE desktop environment for Linux. The vulnerability affects versions prior to 1.26.2 and impacts multiple Linux distributions including Kali Linux, Parrot Security OS, Ubuntu-MATE, and Xubuntu. The vulnerability was disclosed in January 2024 (GHSA Advisory).

The vulnerability allows an attacker to write arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. While it cannot overwrite existing files, it can create new files in any accessible location. The vulnerability is triggered when processing EPUB documents, though attackers can also rename malicious EPUB files to PDF to exploit the vulnerability. The issue has received a CVSS v3.1 base score of 7.8 HIGH from NVD and 8.5 HIGH from GitHub (NVD Database).

The vulnerability can lead to Remote Command Execution (RCE) on the target system through multiple attack vectors. An attacker can achieve RCE by placing malicious .desktop entries in the autostart directory, writing to the authorized_keys file for SSH access, or creating malicious configuration files in the user's home directory. This is particularly concerning for security researchers who commonly use affected distributions like Kali Linux and Parrot OS (GHSA Advisory).

The vulnerability has been patched in Atril version 1.26.2. Various Linux distributions have released security updates to address this vulnerability, including Debian which has released version 1.20.3-1+deb10u2 for Debian 10 (Debian Advisory). Users are strongly advised to update their systems to the latest version of Atril.