linuxdeepin/deepin-reader

Releases250

Frequency1 week 2 days

Last Release 30 days ago

Stars26

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-50254 ↗	Dec 22, 2023Friday, 22 December 2023, 17:15	9.3 CRITICAL	—
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.