[Pkg-pascal-devel] Bug#1053373: winff: shell injection
Jakub Wilk
jwilk at jwilk.net
Mon Oct 2 20:57:43 BST 2023
Package: winff
Version: 1.5.5-9
Tags: security
WinFF doesn't correctly escape filenames that it passes to the shell. If the
user is tricked into converting files with malicious names, this could result
in execution of arbitrary code.
To reproduce, try converting the file created by this command:
touch '$(cowsay pwned >&2; sleep inf).mp3'
--
Jakub Wilk
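
The class of bug reported above, as an added example that is not part of the original report and not WinFF's code: a file name pasted into generated shell text between double quotes is still subject to command substitution, while single-quote escaping or passing the name as an argument keeps it as data. The function names (`sh_quote`, `run_unsafe`, `run_safe`, `run_argv`) are hypothetical and the sample file name is constructed with a harmless `echo`; how WinFF itself builds its command lines is not shown on this page.

```shell
#!/bin/sh
# Added example (not WinFF code). Function names are hypothetical and the
# file name is constructed; its payload is a harmless echo.

# Print $1 as one single-quoted shell word: every embedded ' becomes '\''.
sh_quote() {
    # The trailing "x" keeps command substitution from eating a trailing
    # newline that is part of the name; it is stripped again below.
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# Unsafe: double quotes do not stop $(...) or `...` inside the name from
# being expanded when the generated text is interpreted.
run_unsafe() {
    sh -c "printf '%s\n' \"$1\""
}

# Safe: the name is quoted before it is pasted into the shell text.
run_safe() {
    sh -c "printf '%s\n' $(sh_quote "$1")"
}

# Safe: the name never becomes shell text; it travels as an argument.
run_argv() {
    sh -c 'printf "%s\n" "$1"' sh "$1"
}

name='$(echo INJECTED).mp3'     # constructed sample
echo "unsafe: $(run_unsafe "$name")"
echo "quoted: $(run_safe "$name")"
echo "argv:   $(run_argv "$name")"
```

Only the first line of output shows the substituted text; the other two print the file name unchanged.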