mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
766 B
766 B
CVE-2020-17353
Description
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
POC
Reference
No PoCs from references.