Lucene search
GoogleOSV:CVE-2020-17353HistoryAug 05, 2020 - 2:15 p.m.
CVE-2020-17353
2020-08-0514:15:12
Google
osv.dev
7
lilypond
code execution
security vulnerability
postscript
svg
embedded code
software
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
References
git.savannah.gnu.org/gitweb/?p=lilypond.git%3Ba=commit%3Bh=b84ea4740f3279516905c5db05f4074e777c16ff
lists.opensuse.org/opensuse-security-announce/2020-09/msg00064.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00076.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2JYMVLTPSNYS5F7TBHKIXUZZJIJAMRX/
www.debian.org/security/2020/dsa-4756
Related
mageia
mageia
Updated lilypond package fixes a security vulnerability
2020-11-14 00:20:36
suse
suse
Security update for lilypond (moderate)
2020-09-19 00:00:00
Security update for lilypond (moderate)
2020-09-22 00:00:00
nvd
nvd
CVE-2020-17353
2020-08-05 14:15:12
openvas
openvas
Fedora: Security Advisory for lilypond (FEDORA-2020-328534eeba)
2020-08-14 00:00:00
Fedora: Security Advisory for lilypond (FEDORA-2020-7cd08d85ce)
2020-08-14 00:00:00
Debian: Security Advisory (DSA-4756-1)
2020-08-30 00:00:00
nessus
nessus
openSUSE Security Update : lilypond (openSUSE-2020-1453)
2020-09-21 00:00:00
Fedora 31 : lilypond (2020-7cd08d85ce)
2020-08-14 00:00:00
Fedora 32 : lilypond (2020-328534eeba)
2020-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2020-17353
2020-08-05 00:00:00
prion
prion
Code injection
2020-08-05 14:15:00
debian
debian
[SECURITY] [DSA 4756-1] lilypond security update
2020-08-29 17:38:52
cve
cve
CVE-2020-17353
2020-08-05 14:15:12
fedora
fedora
[SECURITY] Fedora 31 Update: lilypond-2.19.84-3.fc31
2020-08-14 02:43:41
[SECURITY] Fedora 32 Update: lilypond-2.19.84-3.fc32
2020-08-14 00:42:25
debiancve
debiancve
CVE-2020-17353
2020-08-05 14:15:12
cvelist
cvelist
CVE-2020-17353
2020-08-05 12:55:02
osv
osv
lilypond - security update
2020-08-29 00:00:00
lilypond-2.23.3-1.3 on GA media
2024-06-15 00:00:00