4 matches found
Updated terminology package fixes security vulnerability CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
CVE-2018-20167
CVE-2018-20167 affects Terminology before 1.3.1. A mishandled popmedia control sequence can trigger the execution of executable file formats via xdg-open when rendering unknown media types, enabling remote code execution. The issue depends on a crafted control sequence (e.g., via a fake project) ...