VYPR
High severity8.8OSV Advisory· Published Dec 14, 2017· Updated Jun 17, 2026

CVE-2017-17527

CVE-2017-17527

Description

delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Pasdoc Project/PasdocOSV3 versions
    0.14.0+ 2 more
    • (no CPE)range: 0.14.0
    • cpe:2.3:a:pasdoc_project:pasdoc:0.14:*:*:*:*:*:*:*
    • (no CPE)range: <=0.14
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.