VDB
GCVE-110-MAGEIA-2015-456
GCVE-110-MAGEIA-2015-456
Advisory Published
An unsafe use of string concatenation in a shell string occurs in
FontManager. If the developer allows the attacker to choose the font and
outputs an image, the attacker can execute any shell command on the remote
system. The name variable injected comes from the constructor of
FontManager, which is invoked by ImageFormatter from options
(rhbz#1276321).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-pygments | 1.6-8.1.mga5 (unaffected), 0 (affected) | — |
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.