pstotiff filter : Possible shell code injection
Bug #1599832 reported by
Bernd Dietzel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
HPLIP |
New
|
Undecided
|
Unassigned |
Bug Description
Proof of concept which will run the program xeyes but should not:
python /usr/lib/
reason :
sys.argv[6] is passed to this os.system call :
exit_code = os.system(
description: | updated |
information type: | Private Security → Public Security |
To post a comment you must log in.