High severity8.8NVD Advisory· Published Dec 14, 2017· Updated May 13, 2026

CVE-2017-17528

Description

backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

ScummVM/ScummVM2 versions
cpe:2.3:a:scummvm:scummvm:1.9.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:scummvm:scummvm:1.9.0:*:*:*:*:*:*:*
- (no CPE)range: =1.9.0
osv-coords
pkg:rpm/opensuse/scummvm&distro=openSUSE%20Tumbleweed
Range: < 2.2.0-3.3

Patches

Vulnerability mechanics

References

security-tracker.debian.org/tracker/CVE-2017-17528nvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000