The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote malicious users to execute arbitrary commands via a crafted file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freedesktop xdg-utils 1.1.0 |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |