← Back

CVE-2020-17353

nvd nist
Published: Aug 5, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.

Affected (7)

Show all products
Lilypond: Lilypond · Fedoraproject: Fedora · Debian: Debian Linux · Opensuse: Backports Sle, Leap
Lilypond
1 product
Lilypond
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Opensuse
2 products
Backports Sle
Leap
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Lilypond
Lilypond
Up to 2.20.0
Lilypond
From 2.21.0 to 2.21.4
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 31
Fedora
Version 32
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Backports Sle
Version 15.0 sp2
Leap
Version 15.2

References (12)

Source: cve@mitre.org
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.