9 matches found
CVE-2025-32439 pleezer allows resource exhaustion through uncollected hook script processes
pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...
CVE-2025-32439
CVE-2025-32439 affects pleezer prior to version 0.16.0. Root cause: hook scripts are spawned without proper child process cleanup, causing zombie processes to accumulate with each track change and playback event. This can lead to resource exhaustion as the system process table fills, potentially ...
Pleezer resource exhaustion through uncollected hook script processes
Impact: Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In affected versions, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change an...
GHSA-472W-7W45-G3W5 Pleezer resource exhaustion through uncollected hook script processes
Impact: Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In affected versions, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change an...
GHSA-2MQJ-M65W-JGHX Untrusted search path under some conditions on Windows allows arbitrary code execution
Summary: This issue exists because of an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on Windows, a malicious git.exe or bash.exe may b...
OPENSUSE-SU-2021:1070-1 Security update for fossil
This update for fossil fixes the following issues: - fossil 2.12.1: CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code boo1175760 Security fix in the 'fossil git export' command. New 'safety-net' features were added to prevent...
openSUSE Security Update : fossil (openSUSE-2020-1478)
This update for fossil fixes the following issues: - fossil 2.12.1: - CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code boo1175760 - Security fix in the 'fossil git export' command. New 'safety-net' features were added to...
FreeBSD : devel/subversion -- contrib hook-scripts can allow arbitrary code execution (6d0bf320-ca39-11e2-9673-001e8c75030d)
Subversion team reports: The script contrib/hook-scripts/check-mime-type.pl does not escape argv arguments to 'svnlook' that start with a hyphen. This could be used to cause 'svnlook', and hence check-mime-type.pl, to error out. The script contrib/hook-scripts/svn-keyword-check.pl parses filenam...
devel/subversion -- contrib hook-scripts can allow arbitrary code execution
Subversion team reports: The script contrib/hook-scripts/check-mime-type.pl does not escape argv arguments to 'svnlook' that start with a hyphen. This could be used to cause 'svnlook', and hence check-mime-type.pl, to error out. The script contrib/hook-scripts/svn-keyword-check.pl parses filename...