2 matches found
CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1220-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 26th, 2006 http://www.debian.org/security/faq -...