vulnerability
SUSE: CVE-2020-17354: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Apr 15, 2023 | Aug 9, 2024 | Jan 28, 2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Apr 15, 2023
Added
Aug 9, 2024
Modified
Jan 28, 2025
Description
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.
Solutions
suse-upgrade-guile1suse-upgrade-guile1-modules-2_2suse-upgrade-libguile-2_2-1suse-upgrade-libguile1-develsuse-upgrade-lilypondsuse-upgrade-lilypond-docsuse-upgrade-lilypond-doc-cssuse-upgrade-lilypond-doc-desuse-upgrade-lilypond-doc-essuse-upgrade-lilypond-doc-frsuse-upgrade-lilypond-doc-hususe-upgrade-lilypond-doc-itsuse-upgrade-lilypond-doc-jasuse-upgrade-lilypond-doc-nlsuse-upgrade-lilypond-doc-zhsuse-upgrade-lilypond-emmentaler-fontssuse-upgrade-lilypond-fonts-common
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.