scm/define-stencil-commands.scm in LilyPond up to and including 2.20.0, and 2.21.x up to and including 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lilypond lilypond |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
debian debian linux 10.0 |
||
opensuse leap 15.2 |
||
opensuse backports sle 15.0 |