Mageia 7 MGASA-2020-0414 Moderate: Lilypond Arbitrary Code Execution

November 13, 2020

Summary

It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. (CVE-2020-17353)

References

- https://bugs.mageia.org/show_bug.cgi?id=27174

- https://lists.debian.org/debian-security-announce/2020/msg00163.html

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4/

- https://www.cve.org/CVERecord?id=CVE-2020-17353

Resolution

SRPMS

- 7/core/lilypond-2.19.83-1.1.mga7

Publication date: 13 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0414.html
Type: security
CVE: CVE-2020-17353
