Lilypond

Lilypond

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2020-17354

Exploit
  • EPSS 0.02%
  • Published 15.04.2023 22:15:06
  • Last modified 06.02.2025 17:15:11

LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different fi...

9.8

CVE-2020-17353

  • EPSS 1.26%
  • Published 05.08.2020 14:15:12
  • Last modified 21.11.2024 05:07:56

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.

9.8

CVE-2018-10992

  • EPSS 0.77%
  • Published 11.05.2018 22:29:00
  • Last modified 21.11.2024 03:42:27

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by...

8.8

CVE-2017-17523

  • EPSS 0.63%
  • Published 11.12.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by...