[Pkg-pascal-devel] Bug#1053373: winff: shell injection

Jakub Wilk jwilk at jwilk.net
Mon Oct 2 20:57:43 BST 2023


Package: winff
Version: 1.5.5-9
Tags: security

WinFF doesn't correctly escape filenames that it passes to the shell. If the
user is tricked into converting files with malicious names, this could result
in execution of arbitrary code.

To reproduce, try converting the file created by this command:

   touch '$(cowsay pwned >&2; sleep inf).mp3'

-- 
Jakub Wilk
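
The escaping the report says is missing, as an added example (not part of the original report and not WinFF's code): a POSIX shell routine that turns any filename into one literal single-quoted word, plus a check that a child shell then treats the reproducer name as data. The function names `sh_quote` and `run_via_shell` are hypothetical, and `printf` stands in for the real converter command.

```shell
#!/bin/sh
# Added example: quote a filename so that /bin/sh reads it as one literal word.

# sh_quote NAME
# Print NAME wrapped in single quotes. Inside single quotes the shell expands
# nothing, so only an embedded single quote needs care: it is rewritten as
# '\'' (close the quote, emit an escaped quote, reopen the quote).
# The body runs in a subshell so the helper variables stay local.
sh_quote() (
    q="'"
    rest=$1
    out=
    while :; do
        case $rest in
            *"$q"*)
                head=${rest%%"$q"*}      # text before the first quote
                rest=${rest#*"$q"}       # text after the first quote
                out="$out$head$q\\$q$q"  # append head followed by '\''
                ;;
            *)
                out="$out$rest"
                break
                ;;
        esac
    done
    printf '%s' "$q$out$q"
)

# run_via_shell NAME
# Build a command string the way a front end that hands work to the shell
# would, then let a child shell parse it. The child prints the argument it
# received, so the caller can compare it with the original name.
# Assumption: `printf %s` is a placeholder for the converter invocation.
run_via_shell() {
    sh -c "printf '%s' $(sh_quote "$1")"
}

# Constructed sample input: the filename from the report.
sample='$(cowsay pwned >&2; sleep inf).mp3'
printf 'command string: converter %s\n' "$(sh_quote "$sample")"
printf 'child shell saw: %s\n' "$(run_via_shell "$sample")"
```

Quoting only covers names that are spliced into a command string; passing the filename as a separate argument to the program, with no shell in between, avoids the parsing step altogether.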
