Unrated severity · NVD Advisory · Published Aug 5, 2020 · Updated Aug 4, 2024
CVE-2020-17353
Description
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
Affected products (7)
- LilyPond/LilyPond (description)
- osv-coords, 5 versions:
  - pkg:rpm/opensuse/lilypond&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/lilypond&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/lilypond-doc&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/suse/lilypond&distro=SUSE%20Package%20Hub%2015%20SP2
  - pkg:rpm/suse/lilypond-doc&distro=SUSE%20Package%20Hub%2015%20SP2
- (no CPE) range: < 2.20.0-bp152.2.5.6
- (no CPE) range: < 2.23.3-1.3
- (no CPE) range: < 2.20.0-lp152.2.5.10
- (no CPE) range: < 2.20.0-bp152.2.5.6
- (no CPE) range: < 2.20.0-lp152.2.5.10
References (6)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00064.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00076.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W2JYMVLTPSNYS5F7TBHKIXUZZJIJAMRX/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2020/dsa-4756 (mitre, vendor-advisory, x_refsource_DEBIAN)
- git.savannah.gnu.org/gitweb/ (mitre, x_refsource_MISC)