← Back

Lilypond

lilypond

Vendor: Lilypond • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-17354
1Lilypond
1Lilypond
Feb 6, 2025
Apr 15, 2023
N/A· v4
8.6 HIGH· v3
N/A· v2
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution durin...Show more
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.Show less
CVE-2020-17353
4Debian
FedoraprojectLilypond+1 more
5Backports Sle
Debian LinuxFedora+2 more
Nov 21, 2024
Aug 5, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
CVE-2018-10992
1Lilypond
1Lilypond
Nov 21, 2024
May 11, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a c...Show more
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.Show less
CVE-2017-17523
1Lilypond
1Lilypond
May 13, 2026
Dec 11, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a c...Show more
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.Show less