[Pkg-pascal-devel] Bug#1053373: winff: shell injection

Jakub Wilk jwilk at jwilk.net
Mon Oct 2 20:57:43 BST 2023

Package: winff
Version: 1.5.5-9
Tags: security

WinFF doesn't correctly escape filenames that it passes to the shell. If the 
user is tricked into converting files with malicious names, this could result 
in execution of arbitrary code.

To reproduce, try converting the file created by this command:

   touch '$(cowsay pwned >&2; sleep inf).mp3'

Jakub Wilk
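
Added example (not part of the original report and not WinFF's code): how a filename embedded in double quotes in a generated command line is still expanded by the shell, next to a POSIX single-quote escaping routine that prevents it. That the command line is built with double quotes is an assumption; `sh_quote`, `build_unsafe` and `build_safe` are hypothetical names, `printf` stands in for the converter, and the filename is a constructed sample.

```shell
#!/bin/sh
# Added illustration; the functions below are hypothetical, not WinFF code.

# Quote a string for POSIX sh: wrap it in single quotes and rewrite every
# embedded ' as '\'' so that nothing inside is expanded by the shell.
sh_quote() {
    # The trailing "x" keeps $(...) from stripping trailing newlines.
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# Weak form (assumed pattern): filename placed inside double quotes.
# Double quotes stop word splitting but not $(...) or backtick expansion.
build_unsafe() {
    printf 'printf "%%s" "%s"' "$1"
}

# Corrected form: filename passed through sh_quote before it is embedded.
build_safe() {
    printf 'printf "%%s" %s' "$(sh_quote "$1")"
}

# Constructed sample filename with a harmless command substitution.
name='$(echo INJECTED).mp3'

# The stand-in command prints the argument it actually received.
echo "unsafe command: $(build_unsafe "$name")"
echo "unsafe result:  $(sh -c "$(build_unsafe "$name")")"
echo "safe command:   $(build_safe "$name")"
echo "safe result:    $(sh -c "$(build_safe "$name")")"
```

Where the program can start the converter directly with an argument vector instead of a shell command string, no quoting step is needed at all.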
