vulnerability
SUSE: CVE-2020-17354: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | 04/15/2023 | 08/09/2024 | 01/28/2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
04/15/2023
Added
08/09/2024
Modified
01/28/2025
Description
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.
Solution(s)
suse-upgrade-guile1suse-upgrade-guile1-modules-2_2suse-upgrade-libguile-2_2-1suse-upgrade-libguile1-develsuse-upgrade-lilypondsuse-upgrade-lilypond-docsuse-upgrade-lilypond-doc-cssuse-upgrade-lilypond-doc-desuse-upgrade-lilypond-doc-essuse-upgrade-lilypond-doc-frsuse-upgrade-lilypond-doc-hususe-upgrade-lilypond-doc-itsuse-upgrade-lilypond-doc-jasuse-upgrade-lilypond-doc-nlsuse-upgrade-lilypond-doc-zhsuse-upgrade-lilypond-emmentaler-fontssuse-upgrade-lilypond-fonts-common
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.