Linux Mint’s Document Viewer Program Xreader Fixes Vulnerabilities in EPUB and CBT Formats
The developers of the Linux Mint distribution have discovered vulnerabilities in their document viewing program, Xreader, in its handling of the EPUB and CBT file formats. An attacker could exploit these vulnerabilities with a specially crafted file to execute arbitrary code. The vulnerabilities have been addressed in the latest updates for Xreader.
The vulnerabilities were due to errors in the code responsible for analyzing EPUB and CBT formats. In the case of EPUB files, the issue (CVE-2023-44451) stemmed from a coding error that allowed an attacker to manipulate file paths and access temporary file contents. The CBT vulnerability, on the other hand, was caused by improper handling of parameters, leading to the execution of arbitrary code.
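As an added example (not code from Xreader or the Linux Mint project), the following Python check audits an EPUB, which is a ZIP container, for member names that manipulate paths before any file is extracted to a temporary directory. It assumes the path manipulation is carried in archive member names, which the article does not spell out; the function names and the sample archive are constructed for illustration.

```python
import io
import stat
import zipfile


def unsafe_members(epub_bytes):
    """Return (name, reason) for each member a viewer should refuse to extract."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(epub_bytes)) as zf:
        for info in zf.infolist():
            # Normalise Windows separators so "dir\..\x" is checked like "dir/../x".
            name = info.filename.replace("\\", "/")
            # Unix file mode is stored in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if name.startswith("/") or name[1:3] == ":/":
                findings.append((info.filename, "absolute path"))
            elif ".." in name.split("/"):
                findings.append((info.filename, "parent-directory component"))
            elif stat.S_ISLNK(mode):
                findings.append((info.filename, "symbolic link entry"))
    return findings


def build_sample(names, link=None):
    """Constructed sample: an in-memory EPUB-like ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/epub+zip")
        for n in names:
            zf.writestr(n, "constructed sample content")
        if link:
            entry = zipfile.ZipInfo(link)
            entry.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(entry, "chapter1.xhtml")  # link target, constructed
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(
        ["OEBPS/chapter1.xhtml", "../../outside.txt", "/abs/path.txt"],
        link="OEBPS/cover-link",
    )
    for member, reason in unsafe_members(sample):
        print(f"REJECT {member!r}: {reason}")
```

A viewer or mail gateway can run a check like this on untrusted EPUB files and refuse to open any archive for which it returns findings.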
The Linux Mint development team has swiftly addressed these vulnerabilities and fixed them in Xreader versions 4.0.0, 3.8.5, 3.6.6, 3.2.3, and 2.6.5. Users are strongly advised to update their Xreader installations to the latest versions to protect themselves from potential attacks.
For more information about the identified vulnerabilities, refer to the following links: