pstotiff filter : Possible shell code injection
Bug #1599832 reported by
Bernd Dietzel
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| HPLIP |
New
|
Undecided
|
Unassigned | ||
Bug Description
Proof of concept which will run the program xeyes but should not:
python /usr/lib/
reason :
sys.argv[6] is passed to this os.system call :
exit_code = os.system(
Revision history for this message
| Bernd Dietzel (l-ubuntuone1104) wrote | #1 |
| description: | updated |
| information type: | Private Security → Public Security |
To post a comment you must log in.
