← Back

Tuxguitar

tuxguitar

Vendor: Herac • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-14940
1Herac
1Tuxguitar
Nov 21, 2024
Jun 23, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.
CVE-2010-3385
1Herac
1Tuxguitar
Apr 29, 2026
Oct 20, 2010
N/A· v4
N/A· v3
6.9 MEDIUM· v2
TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.