High severity7.8NVD Advisory· Published Feb 22, 2017· Updated May 13, 2026

CVE-2014-4677

Description

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.

Affected products

Gpgtools/Libmacgpg
cpe:2.3:a:gpgtools:libmacgpg:*:*:*:*:*:*:*:*
Range: <=0.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bierbaumer.net/security/cve-2014-4677/nvdExploitThird Party Advisory
gpgtools.org/releases/gpgsuite/2015.08/release-notes.htmlnvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000