2 matches found
EUVD-2026-42622
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
CVE-2026-58459
gpsd (through release-3.27.5) contains a command-injection in gpsprof when processing the GPS device subtype value. The subtype is written into a generated gnuplot program via a set title statement with only quotes escaped, enabling arbitrary shell commands to execute as the user running gnuplot ...