SB2023082005 - Arbitrary code execution in LilyPond
Published: August 20, 2023
Security Bulletin ID
SB2023082005
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security features bypass (CVE-ID: CVE-2020-17354)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions imposed by safe mode. An attacker can pass a specially crafted .ly file to the application that bypasses the -dsafe protection mechanism via output-def-lookup or output-def-scope.
Remediation
Install update from vendor's website.
References
- https://tracker.debian.org/news/1249694/accepted-lilypond-2221-1-source-into-unstable/
- https://phabricator.wikimedia.org/T259210
- https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
- https://gitlab.com/lilypond/lilypond/-/merge_requests/1522
- http://lilypond.org/doc/v2.18/Documentation/usage/command_002dline-usage
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K43PF6VGFJNNGAPY57BW3VMEFFOSMRLF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ST5BLLQ4GDME3SN7UE5OMNE5GZE66X4Y/