Arbitrary Code Execution
Lilibguestfs is vulnerable to arbitrary command execution. When --remote or --listen option is used for creating a temporary socket file in this directory, the ownership of /tmp/.guestfish-$UID/ is not validated properly, leading to write to the socket and execute arbitrary commands by creating...