Security features bypass in LilyPond - CVE-2020-17354
Published: August 20, 2023
Vulnerability identifier: #VU79717
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-17354
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
LilyPond
Software vendor:
LilyPond
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions imposed by safe mode. An attacker can pass a specially crafted .ly file to the application and bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope.
Remediation
Install updates from the vendor's website.
External links
- https://tracker.debian.org/news/1249694/accepted-lilypond-2221-1-source-into-unstable/
- https://phabricator.wikimedia.org/T259210
- https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
- https://gitlab.com/lilypond/lilypond/-/merge_requests/1522
- http://lilypond.org/doc/v2.18/Documentation/usage/command_002dline-usage
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K43PF6VGFJNNGAPY57BW3VMEFFOSMRLF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ST5BLLQ4GDME3SN7UE5OMNE5GZE66X4Y/