Deepin Reader
Approved changes feed: RSS · Atom
cpe:2.3:a:deepin:deepin_reader:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Deepin (26f6ea36-40df-5075-8a07-f166559a4f15) |
|---|---|
| Product | Deepin Reader (28f2e428-2e43-5918-b55a-d92b59e399c9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/linuxdeepin/deepin-reader |
purl2cpe | 2026-06-01 10:11:31.955324 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-50254 |
vulnerable | 2026-06-08 06:16:15.844032 |
Deepin Reader RCE vulnerability due to a design flaw
CRITICAL (9.3)
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
Published: 2023-12-22T16:49:48.977Z
Updated: 2024-08-02T22:16:46.096Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.