Unrated severityNVD Advisory· Published Feb 8, 2007· Updated Apr 23, 2026

CVE-2006-6979

Description

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

Affected products

Amarok/Amarok
cpe:2.3:a:amarok:amarok:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.kde.org/show_bug.cginvdVendor Advisory
lists.suse.com/archive/suse-security-announce/2007-Jan/0015.htmlnvdVendor Advisory
secunia.com/advisories/23984nvdVendor Advisory
secunia.com/advisories/24159nvdVendor Advisory
secunia.com/advisories/24510nvdVendor Advisory
www.vupen.com/english/advisories/2007/0613nvdVendor Advisory
bugs.gentoo.org/show_bug.cginvd
security.gentoo.org/glsa/glsa-200703-11.xmlnvd
www.securityfocus.com/bid/22568nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000