Argument-injection vulnerability in LilyPond 2.19.80 via BROWSER environment variable

Argument-injection vulnerability in LilyPond 2.19.80 via BROWSER environment variable

CVE-2018-10992 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.

Learn more about our Web Application Penetration Testing UK.